From sle-security-updates at lists.suse.com Wed Nov 1 08:04:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Nov 2023 09:04:06 +0100 (CET)
Subject: SUSE-CU-2023:3634-1: Security update of suse/sle15
Message-ID: <20231101080406.3DE74FBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3634-1
Container Tags        : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.207 , suse/sle15:15.3 , suse/sle15:15.3.17.20.207
Container Release     : 17.20.207
Severity              : important
Type                  : security
References            : 1196647 1206480 1206684 1210557 1211427 1212101 1212475 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released:    Mon Oct 23 15:33:03 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released:    Wed Oct 25 12:04:29 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released:    Thu Oct 26 12:20:27 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4226-1
Released:    Fri Oct 27 11:14:10 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4309-1
Released:    Tue Oct 31 14:09:03 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released:    Tue Oct 31 14:10:47 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

  * binddynport.c honor ip_local_reserved_ports
    - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

  * Fix DoS vulnerability in libtirpc
    - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
    - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
    - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.42.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated
- libopenssl1_1-1.1.1d-150200.11.79.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- openssl-1_1-1.1.1d-150200.11.79.1 updated

From sle-security-updates at lists.suse.com Wed Nov 1 08:04:39 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Nov 2023 09:04:39 +0100 (CET)
Subject: SUSE-CU-2023:3635-1: Security update of bci/bci-init
Message-ID: <20231101080439.D420FF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3635-1
Container Tags        : bci/bci-init:15.4 , bci/bci-init:15.4.30.20
Container Release     : 30.20
Severity              : important
Type                  : security
References            : 1107342 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released:    Wed Oct 18 12:35:26 2023
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released:    Thu Oct 19 08:24:34 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released:    Fri Oct 20 19:27:58 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released:    Fri Oct 20 19:33:25 2023
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released:    Mon Oct 23 15:33:03 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono.
  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released:    Wed Oct 25 12:04:29 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released:    Thu Oct 26 12:20:27 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released:    Tue Oct 31 14:10:47 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

  * binddynport.c honor ip_local_reserved_ports
    - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

  * Fix DoS vulnerability in libtirpc
    - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
    - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
    - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- systemd-249.16-150400.8.35.5 updated
- container:sles15-image-15.0.0-27.14.116 updated

From sle-security-updates at lists.suse.com Wed Nov 1 08:06:54 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Nov 2023 09:06:54 +0100 (CET)
Subject: SUSE-CU-2023:3640-1: Security update of suse/sle15
Message-ID: <20231101080654.7716AF417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3640-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.116 , suse/sle15:15.4 , suse/sle15:15.4.27.14.116
Container Release     : 27.14.116
Severity              : important
Type                  : security
References            : 1196647 1212475
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4309-1
Released:    Tue Oct 31 14:09:03 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released:    Tue Oct 31 14:10:47 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

  * binddynport.c honor ip_local_reserved_ports
    - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

  * Fix DoS vulnerability in libtirpc
    - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
    - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
    - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.42.1 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated

From sle-security-updates at lists.suse.com Wed Nov 1 08:08:50 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Nov 2023 09:08:50 +0100 (CET)
Subject: SUSE-CU-2023:3651-1: Security update of bci/bci-init
Message-ID: <20231101080850.97DFEFBA4@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3651-1
Container Tags        : bci/bci-init:15.5 , bci/bci-init:15.5.10.28 , bci/bci-init:latest
Container Release     : 10.28
Severity              : important
Type                  : security
References            : 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released:    Mon Oct 23 15:33:03 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages.
  See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released:    Wed Oct 25 12:04:29 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released:    Thu Oct 26 12:19:25 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released:    Tue Oct 31 14:10:47 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

  * binddynport.c honor ip_local_reserved_ports
    - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

  * Fix DoS vulnerability in libtirpc
    - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
    - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
    - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

  * Replace the final SunRPC licenses
    with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- container:sles15-image-15.0.0-36.5.52 updated

From sle-security-updates at lists.suse.com Wed Nov 1 08:30:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 01 Nov 2023 08:30:02 -0000
Subject: SUSE-SU-2023:4328-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4)
Message-ID: <169882740296.12567.16713198633622428453@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:4328-1
Rating: important
References:

  * bsc#1215440

Cross-References:

  * CVE-2023-4623

CVSS scores:

  * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Live Patching 15-SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_88 fixes one issue.

The following security issue was fixed:

  * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4327=1
  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-4328=1
  * SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4328=1
  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-4327=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_18-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_88-default-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-2-150400.2.1
  * openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_28-default-2-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_5-debugsource-2-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-2-150500.2.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_28-default-2-150500.2.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
    * kernel-livepatch-SLE15-SP5_Update_5-debugsource-2-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-2-150500.2.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_18-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_88-default-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-2-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-4623.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215440

From sle-security-updates at lists.suse.com Wed Nov 1 08:30:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 01 Nov 2023 08:30:05 -0000
Subject: SUSE-SU-2023:4331-1: important: Security update for libsndfile
Message-ID: <169882740557.12567.11056435846800501803@smelt2.prg2.suse.org>

# Security update for libsndfile

Announcement ID: SUSE-SU-2023:4331-1
Rating: important
References:

  * bsc#1213451

Cross-References:

  * CVE-2022-33065

CVSS scores:

  * CVE-2022-33065 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2022-33065 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libsndfile fixes the following issues:

  * CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file (bsc#1213451).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4331=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4331=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4331=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4331=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libsndfile-devel-1.0.25-36.29.1
  * libsndfile-debugsource-1.0.25-36.29.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libsndfile-debugsource-1.0.25-36.29.1
  * libsndfile1-1.0.25-36.29.1
  * libsndfile1-debuginfo-1.0.25-36.29.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libsndfile1-debuginfo-32bit-1.0.25-36.29.1
  * libsndfile1-32bit-1.0.25-36.29.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libsndfile-debugsource-1.0.25-36.29.1
  * libsndfile1-1.0.25-36.29.1
  * libsndfile1-debuginfo-1.0.25-36.29.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libsndfile1-debuginfo-32bit-1.0.25-36.29.1
  * libsndfile1-32bit-1.0.25-36.29.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libsndfile-debugsource-1.0.25-36.29.1
  * libsndfile1-1.0.25-36.29.1
  * libsndfile1-debuginfo-1.0.25-36.29.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libsndfile1-debuginfo-32bit-1.0.25-36.29.1
  * libsndfile1-32bit-1.0.25-36.29.1

## References:

* https://www.suse.com/security/cve/CVE-2022-33065.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213451
From sle-security-updates at lists.suse.com Wed Nov 1 08:30:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 01 Nov 2023 08:30:07 -0000
Subject: SUSE-SU-2023:4330-1: important: Security update for libsndfile
Message-ID: <169882740779.12567.2095946497343901709@smelt2.prg2.suse.org>

# Security update for libsndfile

Announcement ID: SUSE-SU-2023:4330-1
Rating: important
References:
* bsc#1213451

Cross-References:
* CVE-2022-33065

CVSS scores:
* CVE-2022-33065 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-33065 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libsndfile fixes the following issues:

* CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file (bsc#1213451).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4330=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4330=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4330=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4330=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4330=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4330=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4330=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4330=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4330=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4330=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4330=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4330=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4330=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4330=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4330=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4330=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4330=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4330=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4330=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4330=1

## Package List:

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Manager Proxy 4.2 (x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE CaaS Platform 4.0 (x86_64)
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libsndfile-progs-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile-progs-debuginfo-1.0.28-150000.5.20.1
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-progs-debugsource-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* openSUSE Leap 15.4 (x86_64)
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libsndfile-progs-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile-progs-debuginfo-1.0.28-150000.5.20.1
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-progs-debugsource-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* openSUSE Leap 15.5 (x86_64)
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Package Hub 15 15-SP4 (x86_64)
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* SUSE Package Hub 15 15-SP5 (x86_64)
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libsndfile1-32bit-1.0.28-150000.5.20.1
  * libsndfile1-32bit-debuginfo-1.0.28-150000.5.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libsndfile1-1.0.28-150000.5.20.1
  * libsndfile-debugsource-1.0.28-150000.5.20.1
  * libsndfile1-debuginfo-1.0.28-150000.5.20.1
  * libsndfile-devel-1.0.28-150000.5.20.1

## References:

* https://www.suse.com/security/cve/CVE-2022-33065.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213451
From sle-security-updates at lists.suse.com Wed Nov 1 08:30:10 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 01 Nov 2023 08:30:10 -0000
Subject: SUSE-SU-2023:4329-1: important: Security update for slurm
Message-ID: <169882741085.12567.4176377740347536532@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4329-1
Rating: important
References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4329=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4329=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4329=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * slurm_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-plugins-20.11.9-150200.6.13.1
  * libpmi0_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1
  * slurm_20_11-sql-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-devel-20.11.9-150200.6.13.1
  * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-torque-20.11.9-150200.6.13.1
  * slurm_20_11-webdoc-20.11.9-150200.6.13.1
  * slurm_20_11-debugsource-20.11.9-150200.6.13.1
  * slurm_20_11-rest-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-lua-20.11.9-150200.6.13.1
  * slurm_20_11-rest-20.11.9-150200.6.13.1
  * slurm_20_11-hdf5-20.11.9-150200.6.13.1
  * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1
  * libnss_slurm2_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-torque-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-seff-20.11.9-150200.6.13.1
  * slurm_20_11-sview-20.11.9-150200.6.13.1
  * slurm_20_11-config-20.11.9-150200.6.13.1
  * slurm_20_11-munge-20.11.9-150200.6.13.1
  * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-sview-debuginfo-20.11.9-150200.6.13.1
  * libpmi0_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-lua-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-config-man-20.11.9-150200.6.13.1
  * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-node-20.11.9-150200.6.13.1
  * perl-slurm_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-node-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-cray-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-openlava-20.11.9-150200.6.13.1
  * slurm_20_11-sql-20.11.9-150200.6.13.1
  * slurm_20_11-auth-none-20.11.9-150200.6.13.1
  * perl-slurm_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-doc-20.11.9-150200.6.13.1
  * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-sjstat-20.11.9-150200.6.13.1
  * slurm_20_11-cray-20.11.9-150200.6.13.1
  * slurm_20_11-munge-debuginfo-20.11.9-150200.6.13.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
  * slurm_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-plugins-20.11.9-150200.6.13.1
  * libpmi0_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1
  * slurm_20_11-sql-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-devel-20.11.9-150200.6.13.1
  * slurm_20_11-auth-none-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-torque-20.11.9-150200.6.13.1
  * slurm_20_11-webdoc-20.11.9-150200.6.13.1
  * slurm_20_11-debugsource-20.11.9-150200.6.13.1
  * slurm_20_11-rest-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-lua-20.11.9-150200.6.13.1
  * slurm_20_11-rest-20.11.9-150200.6.13.1
  * slurm_20_11-hdf5-20.11.9-150200.6.13.1
  * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1
  * libnss_slurm2_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-plugins-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-torque-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-seff-20.11.9-150200.6.13.1
  * slurm_20_11-sview-20.11.9-150200.6.13.1
  * slurm_20_11-config-20.11.9-150200.6.13.1
  * slurm_20_11-munge-20.11.9-150200.6.13.1
  * slurm_20_11-slurmdbd-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-sview-debuginfo-20.11.9-150200.6.13.1
  * libpmi0_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-lua-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-config-man-20.11.9-150200.6.13.1
  * slurm_20_11-pam_slurm-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-node-20.11.9-150200.6.13.1
  * perl-slurm_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-node-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-cray-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-openlava-20.11.9-150200.6.13.1
  * slurm_20_11-sql-20.11.9-150200.6.13.1
  * slurm_20_11-auth-none-20.11.9-150200.6.13.1
  * perl-slurm_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-hdf5-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-doc-20.11.9-150200.6.13.1
  * libnss_slurm2_20_11-debuginfo-20.11.9-150200.6.13.1
  * slurm_20_11-sjstat-20.11.9-150200.6.13.1
  * slurm_20_11-cray-20.11.9-150200.6.13.1
  * slurm_20_11-munge-debuginfo-20.11.9-150200.6.13.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libslurm36-20.11.9-150200.6.13.1
  * slurm_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-plugins-20.11.9-150200.6.13.1
  * libpmi0_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-slurmdbd-20.11.9-150200.6.13.1
  * slurm_20_11-torque-20.11.9-150200.6.13.1
  * slurm_20_11-devel-20.11.9-150200.6.13.1
  * slurm_20_11-webdoc-20.11.9-150200.6.13.1
  * slurm_20_11-lua-20.11.9-150200.6.13.1
  * slurm_20_11-pam_slurm-20.11.9-150200.6.13.1
  * libnss_slurm2_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-sview-20.11.9-150200.6.13.1
  * slurm_20_11-munge-20.11.9-150200.6.13.1
  * slurm_20_11-config-20.11.9-150200.6.13.1
  * slurm_20_11-config-man-20.11.9-150200.6.13.1
  * slurm_20_11-node-20.11.9-150200.6.13.1
  * perl-slurm_20_11-20.11.9-150200.6.13.1
  * slurm_20_11-sql-20.11.9-150200.6.13.1
  * slurm_20_11-auth-none-20.11.9-150200.6.13.1
  * slurm_20_11-doc-20.11.9-150200.6.13.1
  * libslurm36-debuginfo-20.11.9-150200.6.13.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207
From sle-security-updates at lists.suse.com Thu Nov 2 08:04:00 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 09:04:00 +0100 (CET)
Subject: SUSE-CU-2023:3658-1: Security update of suse/sles12sp5
Message-ID: <20231102080400.CD9D6F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3658-1
Container Tags : suse/sles12sp5:6.5.529 , suse/sles12sp5:latest
Container Release : 6.5.529
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4287-1
Released: Tue Oct 31 09:03:38 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-1.6.1 updated
- libstdc++6-13.2.1+git7813-1.6.1 updated

From sle-security-updates at lists.suse.com Thu Nov 2 08:05:44 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 09:05:44 +0100 (CET)
Subject: SUSE-CU-2023:3659-1: Security update of suse/sle15
Message-ID: <20231102080544.92573F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3659-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.838
Container Release : 6.2.838
Severity : important
Type : security
References : 1212475
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4309-1
Released: Tue Oct 31 14:09:03 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).
The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.42.1 updated

From sle-security-updates at lists.suse.com Thu Nov 2 08:07:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 09:07:14 +0100 (CET)
Subject: SUSE-CU-2023:3660-1: Security update of suse/sle15
Message-ID: <20231102080714.112F2F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3660-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.365
Container Release : 9.5.365
Severity : important
Type : security
References : 1212475
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4309-1
Released: Tue Oct 31 14:09:03 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).
The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.42.1 updated

From sle-security-updates at lists.suse.com Thu Nov 2 08:08:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 09:08:16 +0100 (CET)
Subject: SUSE-CU-2023:3665-1: Security update of bci/openjdk-devel
Message-ID: <20231102080816.50ED2F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3665-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.57 , bci/openjdk-devel:latest
Container Release : 12.57
Severity : important
Type : security
References : 1196647 1214790 1216339 1216374 CVE-2023-22025 CVE-2023-22081
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4289-1
Released: Tue Oct 31 09:15:08 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081

This update for java-17-openjdk fixes the following issues:

- Updated to JDK 17.0.9+9 (October 2023 CPU):
  - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374).
  - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339).
Please visit the Oracle Release Notes page for the full changelog:

https://www.oracle.com/java/technologies/javase/17all-relnotes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- java-17-openjdk-headless-17.0.9.0-150400.3.33.1 updated
- java-17-openjdk-17.0.9.0-150400.3.33.1 updated
- java-17-openjdk-devel-17.0.9.0-150400.3.33.1 updated
- container:bci-openjdk-17-15.5.17-12.28 updated

From sle-security-updates at lists.suse.com Thu Nov 2 08:08:28 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 09:08:28 +0100 (CET)
Subject: SUSE-CU-2023:3666-1: Security update of bci/openjdk
Message-ID: <20231102080828.E09CFFBA4@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3666-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.28 , bci/openjdk:latest
Container Release : 12.28
Severity : important
Type : security
References : 1196647 1214790 1216339 1216374 CVE-2023-22025 CVE-2023-22081
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4289-1
Released: Tue Oct 31 09:15:08 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081

This update for java-17-openjdk fixes the following issues:

- Updated to JDK 17.0.9+9 (October 2023 CPU):
  - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374).
  - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339).

Please visit the Oracle Release Notes page for the full changelog:
https://www.oracle.com/java/technologies/javase/17all-relnotes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- java-17-openjdk-headless-17.0.9.0-150400.3.33.1 updated
- java-17-openjdk-17.0.9.0-150400.3.33.1 updated
- container:sles15-image-15.0.0-36.5.52 updated

From sle-security-updates at lists.suse.com Thu Nov 2 08:09:51 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 09:09:51 +0100 (CET)
Subject: SUSE-CU-2023:3673-1: Security update of suse/rmt-server
Message-ID: <20231102080951.52837F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3673-1
Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.27 , suse/rmt-server:latest
Container Release : 11.27
Severity : important
Type : security
References : 1107342 1193035 1196647
1205726 1206480 1206684 1209891 1209967 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216378 CVE-2021-33621 CVE-2021-41817 CVE-2023-28755 CVE-2023-28756 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813
-----------------------------------------------------------------

The container suse/rmt-server was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:

This update for rpm fixes the following issue:

- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4176-1
Released: Tue Oct 24 15:35:11 2023
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1193035,1205726,1209891,1209967,CVE-2021-33621,CVE-2021-41817,CVE-2023-28755,CVE-2023-28756

This update for ruby2.5 fixes the following issues:

- CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891)
- CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967)
- CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035)
- CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4195-1
Released: Wed Oct 25 11:18:26 2023
Summary: Recommended update for mariadb-connector-c
Type: recommended
Severity: moderate
References:

This update for mariadb-connector-c fixes the following issues:

- Update to release 3.1.21:
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-21-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-20-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-19-release-notes/
  * https://mariadb.com/kb/en/mariadb-connectorc-3-1-18-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3117-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3116-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3115-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3114-release-notes/

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- glibc-2.31-150300.63.1 updated
- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150500.17.19.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- rpm-ndb-4.14.3-150400.59.3.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- libmariadb3-3.1.21-150000.3.33.3 updated
- libruby2_5-2_5-2.5.9-150000.4.29.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.29.1 updated
- ruby2.5-2.5.9-150000.4.29.1 updated
- container:sles15-image-15.0.0-36.5.52 updated

From sle-security-updates at lists.suse.com Thu Nov 2 11:37:52 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:37:52 +0100 (CET)
Subject: SUSE-CU-2023:3677-1: Security update of suse/sle15
Message-ID: <20231102113752.CFEFAFBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3677-1
Container Tags : bci/bci-base:15.5 ,
bci/bci-base:15.5.36.5.52 , suse/sle15:15.5 , suse/sle15:15.5.36.5.52
Container Release : 36.5.52
Severity : important
Type : security
References : 1196647 1212475
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4309-1
Released: Tue Oct 31 14:09:03 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.42.1 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated

From sle-security-updates at lists.suse.com Thu Nov 2 11:37:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:37:59 +0100 (CET)
Subject: SUSE-CU-2023:3678-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20231102113759.3062EFBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3678-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.8 , suse/manager/4.3/proxy-httpd:4.3.8.9.37.28 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.8 , suse/manager/4.3/proxy-httpd:susemanager-4.3.8.9.37.28
Container Release : 9.37.28
Severity : important
Type : security
References : 1107342 1206480 1206684 1210253 1210557 1211078 1211427
1211829 1212101 1212819 1212910 1213854 1213915 1214052 1214292 1214395 1214460 1214806 1215007 1215026 1215215 1215286 1215313 1215434 1215713 1215820 1215857 1215888 1215889 1215891 1216123 1216174 1216268 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4641 CVE-2023-4813
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3977-1
Released: Thu Oct 5 11:43:46 2023
Summary: Maintenance update for SUSE Manager 4.3.8 Release Notes
Type: recommended
Severity: important
References: 1210253,1215820,1215857

Maintenance update for SUSE Manager 4.3.8 Release Notes:

This is a codestream only update

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:

This update for rpm fixes the following issue:

- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:

This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, these 3 packages have no code changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228

This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- libzck1-1.1.16-150400.3.7.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- zypper-1.14.64-150400.3.32.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- curl-8.0.1-150400.5.32.1 updated
- release-notes-susemanager-proxy-4.3.8.2-150400.3.64.3 updated
- systemd-249.16-150400.8.35.5 updated
- python3-rpm-4.14.3-150400.59.3.1 updated
- python3-cryptography-3.3.2-150400.20.3 updated

From sle-security-updates at lists.suse.com Thu Nov 2 11:38:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:38:02 +0100 (CET)
Subject: SUSE-CU-2023:3679-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20231102113802.3FDD2FBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3679-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.8 , suse/manager/4.3/proxy-salt-broker:4.3.8.9.27.27 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8.9.27.27
Container Release : 9.27.27
Severity : important
Type : security
References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213854 1213915 1214052 1214292 1214395 1214460 1214806 1215007 1215026 1215215
1215286 1215313 1215434 1215713 1215888 1215889 1215891 1216123 1216174 1216268 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4641 CVE-2023-4813
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file.
(bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228

This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files.
(bsc#1216268)

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- libzck1-1.1.16-150400.3.7.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- zypper-1.14.64-150400.3.32.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- curl-8.0.1-150400.5.32.1 updated
- openssl-1_1-1.1.1l-150400.7.57.1 updated

From sle-security-updates at lists.suse.com Thu Nov 2 11:38:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:38:06 +0100 (CET)
Subject: SUSE-CU-2023:3680-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20231102113806.347DAFBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3680-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.8 , suse/manager/4.3/proxy-squid:4.3.8.9.36.24 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.8 , suse/manager/4.3/proxy-squid:susemanager-4.3.8.9.36.24
Container Release : 9.36.24
Severity : important
Type : security
References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213915 1214052 1214460 1214806 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1216123 1216174 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039
CVE-2023-44487 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file.
(bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated

From sle-security-updates at lists.suse.com Thu Nov 2 11:38:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:38:09 +0100 (CET)
Subject: SUSE-CU-2023:3681-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20231102113809.65868FBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3681-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.8 , suse/manager/4.3/proxy-ssh:4.3.8.9.27.24 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.8 , suse/manager/4.3/proxy-ssh:susemanager-4.3.8.9.27.24
Container Release : 9.27.24
Severity : important
Type : security
References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213915 1214052 1214460 1214806 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1216123 1216174 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file.
(bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated

From sle-security-updates at lists.suse.com Thu Nov 2 11:38:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:38:12 +0100 (CET)
Subject: SUSE-CU-2023:3682-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20231102113812.D55AAFBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3682-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.8 , suse/manager/4.3/proxy-tftpd:4.3.8.9.27.24 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.8 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.8.9.27.24
Container Release : 9.27.24
Severity : important
Type : security
References : 1107342 1206480 1206684 1210557 1211078 1211427 1211829 1212101 1212819 1212910 1213915 1214052 1214460 1214806 1215026 1215215 1215286 1215313 1215434 1215713 1215888 1215889 1215891 1215968 1216123 1216174 1216378 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
  (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945
This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641
This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546
This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4108-1
Released: Wed Oct 18 11:51:12 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313
This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2
compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, these 3 packages have no code changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack.
  (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).


The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- openssl-1_1-1.1.1l-150400.7.57.1 updated
- python3-cryptography-3.3.2-150400.20.3 updated
- python3-urllib3-1.25.10-150300.4.6.1 updated


From sle-security-updates at lists.suse.com Thu Nov 2 11:38:32 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:38:32 +0100 (CET)
Subject: SUSE-CU-2023:3683-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20231102113832.3E5A0FBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3683-1
Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.487 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.487
Severity : important
Type : security
References : 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039
  CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack.
  (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4226-1
Released: Fri Oct 27 11:14:10 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces:
    0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir


The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated
- libopenssl1_1-1.1.1d-150200.11.79.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- openssl-1_1-1.1.1d-150200.11.79.1 updated
- container:sles15-image-15.0.0-17.20.207 updated


From sle-security-updates at lists.suse.com Thu Nov 2 11:39:36 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Nov 2023 12:39:36 +0100 (CET)
Subject: SUSE-CU-2023:3685-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20231102113936.07013FBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3685-1
Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.309 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.309
Severity : important
Type : security
References : 1196647 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross.
  [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4226-1
Released: Fri Oct 27 11:14:10 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces:
    0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir


The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated
- libopenssl1_1-1.1.1d-150200.11.79.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- openssl-1_1-1.1.1d-150200.11.79.1 updated
- container:sles15-image-15.0.0-17.20.207 updated


From sle-security-updates at lists.suse.com Thu Nov 2 12:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 02 Nov 2023 12:30:09 -0000
Subject: SUSE-SU-2023:4287-2: important: Security update for gcc13
Message-ID: <169892820908.6086.16141656462033695002@smelt2.prg2.suse.org>

# Security update for gcc13

Announcement ID: SUSE-SU-2023:4287-2
Rating: important
References:

  * bsc#1206480
  * bsc#1206684
  * bsc#1210557
  * bsc#1211427
  * bsc#1212101
  * bsc#1213915
  * bsc#1214052
  * bsc#1214460
  * jsc#PED-153
  * jsc#PED-2005
  * jsc#PED-252
  * jsc#PED-253
  * jsc#PED-6584

Cross-References:

  * CVE-2023-4039

CVSS scores:

  * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * Toolchain Module 12

An update that solves one vulnerability, contains five features and has seven security fixes can now be installed.

## Description:

This update for gcc13 fixes the following issues:

NOTE: This update was retracted as it caused breakage with third party applications.

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

  * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages.
  * override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

  * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
  * Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
  * Also handle -static-pie in the default-PIE specs
  * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
  * Make libstdc++6-devel packages own their directories since they can be installed standalone.
    [bsc#1211427]
  * Add new x86-related intrinsics (amxcomplexintrin.h).
  * RISC-V: Add support for inlining subword atomic operations
  * Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
  * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
  * Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
  * Bump included newlib to version 4.3.0.
  * Also package libhwasan_preinit.o on aarch64.
  * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
  * Package libhwasan_preinit.o on x86_64.
  * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
  * Enable PRU flavour for gcc13
  * update floatn fixinclude pickup to check each header separately (bsc#1206480)
  * Redo floatn fixinclude pick-up to simply keep what is there.
  * Bump libgo SONAME to libgo22.
  * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
  * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
  * Depend on at least LLVM 13 for GCN cross compiler.
  * Update embedded newlib to version 4.2.0
  * Allow cross-pru-gcc12-bootstrap for armv7l architecture.
    PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Toolchain Module 12
    zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-4287=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1

## Package List:

  * Toolchain Module 12 (aarch64 ppc64le s390x x86_64)
    * gcc13-c++-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-devel-gcc13-13.2.1+git7813-1.6.1
    * gcc13-fortran-13.2.1+git7813-1.6.1
    * gcc13-debuginfo-13.2.1+git7813-1.6.1
    * gcc13-c++-13.2.1+git7813-1.6.1
    * gcc13-locale-13.2.1+git7813-1.6.1
    * cpp13-13.2.1+git7813-1.6.1
    * gcc13-debugsource-13.2.1+git7813-1.6.1
    * cpp13-debuginfo-13.2.1+git7813-1.6.1
    * gcc13-13.2.1+git7813-1.6.1
    * gcc13-PIE-13.2.1+git7813-1.6.1
    * gcc13-fortran-debuginfo-13.2.1+git7813-1.6.1
  * Toolchain Module 12 (noarch)
    * gcc13-info-13.2.1+git7813-1.6.1
  * Toolchain Module 12 (s390x x86_64)
    * gcc13-fortran-32bit-13.2.1+git7813-1.6.1
    * gcc13-32bit-13.2.1+git7813-1.6.1
    * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-1.6.1
    * gcc13-c++-32bit-13.2.1+git7813-1.6.1
  * Toolchain Module 12 (x86_64)
    * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-1.6.1
    * cross-nvptx-gcc13-13.2.1+git7813-1.6.1
    * cross-nvptx-newlib13-devel-13.2.1+git7813-1.6.1
    * cross-nvptx-gcc13-debugsource-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libtsan2-debuginfo-13.2.1+git7813-1.6.1
    * libhwasan0-13.2.1+git7813-1.6.1
    * libstdc++6-debuginfo-13.2.1+git7813-1.6.1
    * libhwasan0-debuginfo-13.2.1+git7813-1.6.1
    * libatomic1-13.2.1+git7813-1.6.1
    * libitm1-13.2.1+git7813-1.6.1
    * liblsan0-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1
    * libitm1-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-debuginfo-13.2.1+git7813-1.6.1
    * liblsan0-13.2.1+git7813-1.6.1
    * libtsan2-13.2.1+git7813-1.6.1
    * libgfortran5-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-13.2.1+git7813-1.6.1
    * libobjc4-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-locale-13.2.1+git7813-1.6.1
    * libstdc++6-13.2.1+git7813-1.6.1
    * libasan8-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-13.2.1+git7813-1.6.1
    * libstdc++6-pp-13.2.1+git7813-1.6.1
    * libatomic1-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-13.2.1+git7813-1.6.1
    * libobjc4-13.2.1+git7813-1.6.1
    * libasan8-13.2.1+git7813-1.6.1
    * libgfortran5-13.2.1+git7813-1.6.1
    * libgomp1-debuginfo-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libgfortran5-32bit-13.2.1+git7813-1.6.1
    * libatomic1-32bit-13.2.1+git7813-1.6.1
    * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-32bit-13.2.1+git7813-1.6.1
    * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-32bit-13.2.1+git7813-1.6.1
    * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libobjc4-32bit-13.2.1+git7813-1.6.1
    * libquadmath0-debuginfo-13.2.1+git7813-1.6.1
    * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-32bit-13.2.1+git7813-1.6.1
    * libitm1-32bit-13.2.1+git7813-1.6.1
    * libquadmath0-13.2.1+git7813-1.6.1
    * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1
    * libquadmath0-32bit-13.2.1+git7813-1.6.1
    * libstdc++6-32bit-13.2.1+git7813-1.6.1
    * libasan8-32bit-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libtsan2-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-debuginfo-13.2.1+git7813-1.6.1
    * libatomic1-13.2.1+git7813-1.6.1
    * libitm1-13.2.1+git7813-1.6.1
    * liblsan0-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1
    * libitm1-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-debuginfo-13.2.1+git7813-1.6.1
    * liblsan0-13.2.1+git7813-1.6.1
    * libtsan2-13.2.1+git7813-1.6.1
    * libgfortran5-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-13.2.1+git7813-1.6.1
    * libobjc4-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-locale-13.2.1+git7813-1.6.1
    * libstdc++6-13.2.1+git7813-1.6.1
    * libasan8-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-pp-13.2.1+git7813-1.6.1
    * libgcc_s1-13.2.1+git7813-1.6.1
    * libatomic1-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-13.2.1+git7813-1.6.1
    * libobjc4-13.2.1+git7813-1.6.1
    * libasan8-13.2.1+git7813-1.6.1
    * libgfortran5-13.2.1+git7813-1.6.1
    * libgomp1-debuginfo-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64)
    * libhwasan0-13.2.1+git7813-1.6.1
    * libhwasan0-debuginfo-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64)
    * libquadmath0-13.2.1+git7813-1.6.1
    * libquadmath0-debuginfo-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libgcc_s1-32bit-13.2.1+git7813-1.6.1
    * libitm1-32bit-13.2.1+git7813-1.6.1
    * libgfortran5-32bit-13.2.1+git7813-1.6.1
    * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libatomic1-32bit-13.2.1+git7813-1.6.1
    * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libobjc4-32bit-13.2.1+git7813-1.6.1
    * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1
    * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-32bit-13.2.1+git7813-1.6.1
    * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-32bit-13.2.1+git7813-1.6.1
    * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-32bit-13.2.1+git7813-1.6.1
    * libasan8-32bit-13.2.1+git7813-1.6.1
    * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libquadmath0-32bit-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libtsan2-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-debuginfo-13.2.1+git7813-1.6.1
    * libatomic1-13.2.1+git7813-1.6.1
    * libitm1-13.2.1+git7813-1.6.1
    * liblsan0-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1
    * libitm1-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-debuginfo-13.2.1+git7813-1.6.1
    * liblsan0-13.2.1+git7813-1.6.1
    * libtsan2-13.2.1+git7813-1.6.1
    * libgfortran5-debuginfo-13.2.1+git7813-1.6.1
    * libquadmath0-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-13.2.1+git7813-1.6.1
    * libobjc4-debuginfo-13.2.1+git7813-1.6.1
    * libquadmath0-13.2.1+git7813-1.6.1
    * libstdc++6-locale-13.2.1+git7813-1.6.1
    * libstdc++6-13.2.1+git7813-1.6.1
    * libasan8-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-13.2.1+git7813-1.6.1
    * libstdc++6-pp-13.2.1+git7813-1.6.1
    * libatomic1-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-13.2.1+git7813-1.6.1
    * libobjc4-13.2.1+git7813-1.6.1
    * libasan8-13.2.1+git7813-1.6.1
    * libgfortran5-13.2.1+git7813-1.6.1
    * libgomp1-debuginfo-13.2.1+git7813-1.6.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libhwasan0-13.2.1+git7813-1.6.1
    * libgfortran5-32bit-13.2.1+git7813-1.6.1
    * libatomic1-32bit-13.2.1+git7813-1.6.1
    * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libhwasan0-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-32bit-13.2.1+git7813-1.6.1
    * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-32bit-13.2.1+git7813-1.6.1
    * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libobjc4-32bit-13.2.1+git7813-1.6.1
    * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgcc_s1-32bit-13.2.1+git7813-1.6.1
    * libitm1-32bit-13.2.1+git7813-1.6.1
    * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1
    * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1
    * libquadmath0-32bit-13.2.1+git7813-1.6.1
    * libstdc++6-32bit-13.2.1+git7813-1.6.1
    * libasan8-32bit-13.2.1+git7813-1.6.1
  *
libstdc++6-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1206480 * https://bugzilla.suse.com/show_bug.cgi?id=1206684 * https://bugzilla.suse.com/show_bug.cgi?id=1210557 * https://bugzilla.suse.com/show_bug.cgi?id=1211427 * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1213915 * https://bugzilla.suse.com/show_bug.cgi?id=1214052 * https://bugzilla.suse.com/show_bug.cgi?id=1214460 * https://jira.suse.com/browse/PED-153 * https://jira.suse.com/browse/PED-2005 * https://jira.suse.com/browse/PED-252 * https://jira.suse.com/browse/PED-253 * https://jira.suse.com/browse/PED-6584
From sle-security-updates at lists.suse.com Thu Nov 2 12:30:18 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:18 -0000 Subject: SUSE-SU-2023:4338-1: important: Security update for xorg-x11-server Message-ID: <169892821846.6086.3166995726576664196@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4338-1 Rating: important References: * bsc#1216133 * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5380 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5380 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5380 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15
SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). * CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4338=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4338=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4338=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4338=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4338=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4338=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4338=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4338=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4338=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4338=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4338=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4338=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4338=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4338=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 *
xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * SUSE Manager Proxy 4.2 (x86_64) * 
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xorg-x11-server-wayland-1.20.3-150200.22.5.79.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xorg-x11-server-wayland-1.20.3-150200.22.5.79.1 * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.79.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 
(aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-extra-1.20.3-150200.22.5.79.1 * xorg-x11-server-1.20.3-150200.22.5.79.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.79.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.79.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.79.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5380.html * https://www.suse.com/security/cve/CVE-2023-5574.html * https://bugzilla.suse.com/show_bug.cgi?id=1216133 * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261
From sle-security-updates at lists.suse.com Thu Nov 2 12:30:29 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 02 Nov 2023 12:30:29 -0000 Subject: SUSE-SU-2023:4337-1: important: Security update for tomcat Message-ID: <169892822903.6086.5847966575981491142@smelt2.prg2.suse.org> # Security update for tomcat Announcement ID: SUSE-SU-2023:4337-1 Rating: important References: * bsc#1216118 * bsc#1216119 Cross-References: * CVE-2023-42795 * CVE-2023-45648 CVSS scores: * CVE-2023-42795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-42795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-45648 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-45648 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-42795: Fixed a potential information leak due to insufficient cleanup (bsc#1216119).
* CVE-2023-45648: Fixed a request smuggling issue due to an incorrect parsing of HTTP trailer headers (bsc#1216118). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4337=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4337=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4337=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tomcat-webapps-9.0.36-3.111.1 * tomcat-el-3_0-api-9.0.36-3.111.1 * tomcat-servlet-4_0-api-9.0.36-3.111.1 * tomcat-9.0.36-3.111.1 * tomcat-lib-9.0.36-3.111.1 * tomcat-jsp-2_3-api-9.0.36-3.111.1 * tomcat-javadoc-9.0.36-3.111.1 * tomcat-admin-webapps-9.0.36-3.111.1 * tomcat-docs-webapp-9.0.36-3.111.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tomcat-webapps-9.0.36-3.111.1 * tomcat-el-3_0-api-9.0.36-3.111.1 * tomcat-servlet-4_0-api-9.0.36-3.111.1 * tomcat-9.0.36-3.111.1 * tomcat-lib-9.0.36-3.111.1 * tomcat-jsp-2_3-api-9.0.36-3.111.1 * tomcat-javadoc-9.0.36-3.111.1 * tomcat-admin-webapps-9.0.36-3.111.1 * tomcat-docs-webapp-9.0.36-3.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tomcat-webapps-9.0.36-3.111.1 * tomcat-el-3_0-api-9.0.36-3.111.1 * tomcat-servlet-4_0-api-9.0.36-3.111.1 * tomcat-9.0.36-3.111.1 * tomcat-lib-9.0.36-3.111.1 * tomcat-jsp-2_3-api-9.0.36-3.111.1 * tomcat-javadoc-9.0.36-3.111.1 * tomcat-admin-webapps-9.0.36-3.111.1 * tomcat-docs-webapp-9.0.36-3.111.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42795.html * https://www.suse.com/security/cve/CVE-2023-45648.html * https://bugzilla.suse.com/show_bug.cgi?id=1216118 * https://bugzilla.suse.com/show_bug.cgi?id=1216119
From sle-security-updates at lists.suse.com Fri Nov 3 16:30:04 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4363-1: moderate: Security update for poppler Message-ID: <169902900456.28179.14490799923501075594@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4363-1 Rating: moderate References: * bsc#1213888 * bsc#1214726 Cross-References: * CVE-2022-37052 * CVE-2023-34872 CVSS scores: * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-34872 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34872 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). * CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4363=1 openSUSE-SLE-15.4-2023-4363=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4363=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4363=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4363=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler-devel-22.01.0-150400.3.16.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt6-devel-22.01.0-150400.3.16.1 * poppler-tools-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1 * poppler-qt6-debugsource-22.01.0-150400.3.16.1 * poppler-tools-22.01.0-150400.3.16.1 * libpoppler-cpp0-22.01.0-150400.3.16.1 * poppler-qt5-debugsource-22.01.0-150400.3.16.1 * libpoppler117-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt6-3-22.01.0-150400.3.16.1 * libpoppler-glib8-22.01.0-150400.3.16.1 * libpoppler-qt5-1-22.01.0-150400.3.16.1 * libpoppler-glib-devel-22.01.0-150400.3.16.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1 * libpoppler117-22.01.0-150400.3.16.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 * libpoppler-qt5-devel-22.01.0-150400.3.16.1 * openSUSE Leap 15.4 (x86_64) * libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-32bit-22.01.0-150400.3.16.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-glib8-32bit-22.01.0-150400.3.16.1 * libpoppler117-32bit-22.01.0-150400.3.16.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpoppler-glib8-64bit-22.01.0-150400.3.16.1 * 
libpoppler117-64bit-22.01.0-150400.3.16.1 * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt5-1-64bit-22.01.0-150400.3.16.1 * libpoppler-cpp0-64bit-22.01.0-150400.3.16.1 * libpoppler117-64bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler-devel-22.01.0-150400.3.16.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1 * poppler-tools-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1 * poppler-tools-22.01.0-150400.3.16.1 * libpoppler-cpp0-22.01.0-150400.3.16.1 * libpoppler117-debuginfo-22.01.0-150400.3.16.1 * libpoppler-glib8-22.01.0-150400.3.16.1 * libpoppler-glib-devel-22.01.0-150400.3.16.1 * libpoppler117-22.01.0-150400.3.16.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler-devel-22.01.0-150400.3.16.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1 * libpoppler-cpp0-22.01.0-150400.3.16.1 * poppler-qt5-debugsource-22.01.0-150400.3.16.1 * libpoppler-qt5-1-22.01.0-150400.3.16.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1 * libpoppler-qt5-devel-22.01.0-150400.3.16.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libpoppler-glib8-32bit-22.01.0-150400.3.16.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1 * libpoppler117-32bit-22.01.0-150400.3.16.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * poppler-debugsource-22.01.0-150400.3.16.1 * libpoppler117-22.01.0-150400.3.16.1 * libpoppler117-debuginfo-22.01.0-150400.3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2022-37052.html * https://www.suse.com/security/cve/CVE-2023-34872.html * https://bugzilla.suse.com/show_bug.cgi?id=1213888 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214726
From sle-security-updates at lists.suse.com Fri Nov 3 16:30:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4362-1: moderate: Security update for poppler Message-ID: <169902900806.28179.6371728323748919366@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4362-1 Rating: moderate References: * bsc#1112424 * bsc#1112428 * bsc#1128114 * bsc#1129202 * bsc#1140745 * bsc#1143570 * bsc#1214256 * bsc#1214723 * bsc#1214726 Cross-References: * CVE-2018-18454 * CVE-2018-18456 * CVE-2019-13287 * CVE-2019-14292 * CVE-2019-9545 * CVE-2019-9631 * CVE-2020-36023 * CVE-2022-37052 * CVE-2022-48545 CVSS scores: * CVE-2018-18454 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18454 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18456 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18456 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-13287 ( SUSE ): 3.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2019-13287 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2019-14292 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-14292 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-9631 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9631 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H *
CVE-2022-48545 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114). * CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202). * CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDF file (bsc#1214726). * CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C:cvtGlyph (bsc#1214256). * CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust (bsc#1140745). * CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file (bsc#1112428). * CVE-2018-18454: Fixed heap-based buffer over-read via a crafted pdf file (bsc#1112424). * CVE-2019-14292: Fixed an out of bounds read in GfxState.cc (bsc#1143570). * CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4362=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4362=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4362=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4362=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-cpp0-debuginfo-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler-cpp0-0.43.0-16.40.1 * libpoppler-qt4-devel-0.43.0-16.40.1 * libpoppler-glib-devel-0.43.0-16.40.1 * typelib-1_0-Poppler-0_18-0.43.0-16.40.1 * libpoppler-devel-0.43.0-16.40.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * poppler-tools-debuginfo-0.43.0-16.40.1 * poppler-tools-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler60-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-0.43.0-16.40.1 * libpoppler-qt4-4-0.43.0-16.40.1 * libpoppler-glib8-debuginfo-0.43.0-16.40.1 * libpoppler60-0.43.0-16.40.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.40.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * poppler-tools-debuginfo-0.43.0-16.40.1 * poppler-tools-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * libpoppler60-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-0.43.0-16.40.1 * libpoppler-qt4-4-0.43.0-16.40.1 * libpoppler-glib8-debuginfo-0.43.0-16.40.1 * libpoppler60-0.43.0-16.40.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.40.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * poppler-tools-debuginfo-0.43.0-16.40.1 * poppler-tools-0.43.0-16.40.1 * poppler-debugsource-0.43.0-16.40.1 * 
libpoppler60-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-0.43.0-16.40.1 * libpoppler-qt4-4-0.43.0-16.40.1 * libpoppler-qt4-4-debuginfo-0.43.0-16.40.1 * libpoppler-glib8-debuginfo-0.43.0-16.40.1 * libpoppler60-0.43.0-16.40.1 ## References: * https://www.suse.com/security/cve/CVE-2018-18454.html * https://www.suse.com/security/cve/CVE-2018-18456.html * https://www.suse.com/security/cve/CVE-2019-13287.html * https://www.suse.com/security/cve/CVE-2019-14292.html * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2019-9631.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://www.suse.com/security/cve/CVE-2022-48545.html * https://bugzilla.suse.com/show_bug.cgi?id=1112424 * https://bugzilla.suse.com/show_bug.cgi?id=1112428 * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1129202 * https://bugzilla.suse.com/show_bug.cgi?id=1140745 * https://bugzilla.suse.com/show_bug.cgi?id=1143570 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214723 * https://bugzilla.suse.com/show_bug.cgi?id=1214726
From sle-security-updates at lists.suse.com Fri Nov 3 16:30:10 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 03 Nov 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4361-1: important: Security update for gstreamer-plugins-bad Message-ID: <169902901028.28179.15898276073303466134@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4361-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4361=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4361=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4361=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4361=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4361=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4361=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-bad-doc-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * 
libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * openSUSE Leap 15.3 (x86_64) * libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-32bit-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-32bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.9.1 * 
libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-32bit-1.16.3-150300.9.9.1 * openSUSE Leap 15.3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-64bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-64bit-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-64bit-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * 
libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * 
typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * 
typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * 
typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * 
typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-1.16.3-150300.9.9.1 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstwebrtc-1_0-0-1.16.3-150300.9.9.1 * libgstisoff-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1 * libgstwayland-1_0-0-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1 * libgstinsertbin-1_0-0-1.16.3-150300.9.9.1 * libgstphotography-1_0-0-1.16.3-150300.9.9.1 * 
typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793

From sle-security-updates at lists.suse.com Fri Nov 3 16:30:13 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 03 Nov 2023 16:30:13 -0000
Subject: SUSE-SU-2023:4360-1: important: Security update for gstreamer-plugins-bad
Message-ID: <169902901335.28179.10740464762262186028@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4360-1
Rating: important
References:
  * bsc#1215793

Cross-References:
  * CVE-2023-40474

CVSS scores:
  * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  * Basesystem Module 15-SP4
  * Desktop Applications Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

* CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4360=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4360=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4360=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4360=1

## Package List:

* openSUSE Leap 15.4 (x86_64) * libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstplay-1_0-0-32bit-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-32bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-32bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstva-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.6.1 *
libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-32bit-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1 * libgstplay-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-1.20.1-150400.3.6.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1 * gstreamer-transcoder-devel-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-transcoder-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1 * 
libgstwebrtc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1 * gstreamer-transcoder-debuginfo-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gstreamer-plugins-bad-64bit-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * 
gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-64bit-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstva-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-64bit-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstplay-1_0-0-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstplayer-1_0-0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * 
libgstphotography-1_0-0-1.20.1-150400.3.6.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-1.20.1-150400.3.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.6.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-1.20.1-150400.3.6.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1 * libgstcodecs-1_0-0-1.20.1-150400.3.6.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1 * libgstvulkan-1_0-0-1.20.1-150400.3.6.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1 * 
gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1 * Desktop Applications Module 15-SP4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libgsttranscoder-1_0-0-1.20.1-150400.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793

From sle-security-updates at lists.suse.com Fri Nov 3 16:30:19 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 03 Nov 2023 16:30:19 -0000
Subject: SUSE-SU-2023:4359-1: important: Security update for the Linux Kernel
Message-ID: <169902901913.28179.15642510742914834031@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4359-1
Rating: important
References:
  * bsc#1206010
  * bsc#1208788
  * bsc#1210778
  * bsc#1213705
  * bsc#1213950
  * bsc#1213977
  * bsc#1215743
  * bsc#1215745
  * bsc#1216046
  * bsc#1216051
  * bsc#1216107
  * bsc#1216140
  * bsc#1216340
  * bsc#1216513
  * bsc#1216514

Cross-References:
  * CVE-2023-31085
  * CVE-2023-34324
  * CVE-2023-39189
  * CVE-2023-45862

CVSS scores:
  * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Real Time 12 SP5
  * SUSE Linux Enterprise Server 12 SP5

An update that solves four vulnerabilities and has 11 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)

The following non-security bugs were fixed:

* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
* crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes).
* iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
* iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
* iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010).
* kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
* KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
* memcg: drop kmem.limit_in_bytes (bsc#1208788)
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
* ratelimit: Fix data-races in ___ratelimit() (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
* s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
* s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140).
* s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950).
* s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950).
* scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes).
* scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514).
* tools/thermal: Fix possible path truncations (git-fixes).
* tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
* tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
* tracing: Fix race issue between cpu buffer write and swap (git-fixes).
* uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
* usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
* usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
* usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
* vhost-scsi: unbreak any layout for response (git-fixes).
* virtio_balloon: fix deadlock on OOM (git-fixes).
* virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes).
* virtio_net: Fix error unwinding of XDP initialization (git-fixes).
* virtio: Protect vqs list access (git-fixes).
* vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743).
* xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743).
## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-4359=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt-base-4.12.14-10.149.1 * kernel-rt_debug-debugsource-4.12.14-10.149.1 * dlm-kmp-rt-4.12.14-10.149.1 * kernel-rt_debug-debuginfo-4.12.14-10.149.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.149.1 * kernel-rt-debuginfo-4.12.14-10.149.1 * ocfs2-kmp-rt-4.12.14-10.149.1 * cluster-md-kmp-rt-4.12.14-10.149.1 * kernel-rt-debugsource-4.12.14-10.149.1 * kernel-rt-devel-debuginfo-4.12.14-10.149.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.149.1 * kernel-syms-rt-4.12.14-10.149.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.149.1 * gfs2-kmp-rt-4.12.14-10.149.1 * kernel-rt-base-debuginfo-4.12.14-10.149.1 * kernel-rt_debug-devel-4.12.14-10.149.1 * kernel-rt-devel-4.12.14-10.149.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.149.1 * dlm-kmp-rt-debuginfo-4.12.14-10.149.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-source-rt-4.12.14-10.149.1 * kernel-devel-rt-4.12.14-10.149.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.149.1 * kernel-rt_debug-4.12.14-10.149.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213950 * 
https://bugzilla.suse.com/show_bug.cgi?id=1213977
* https://bugzilla.suse.com/show_bug.cgi?id=1215743
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051
* https://bugzilla.suse.com/show_bug.cgi?id=1216107
* https://bugzilla.suse.com/show_bug.cgi?id=1216140
* https://bugzilla.suse.com/show_bug.cgi?id=1216340
* https://bugzilla.suse.com/show_bug.cgi?id=1216513
* https://bugzilla.suse.com/show_bug.cgi?id=1216514

From sle-security-updates at lists.suse.com Fri Nov 3 16:30:22 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 03 Nov 2023 16:30:22 -0000
Subject: SUSE-SU-2023:4358-1: important: Security update for the Linux Kernel
Message-ID: <169902902266.28179.481383766858319261@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4358-1
Rating: important

References:

* bsc#1212051
* bsc#1214842
* bsc#1215095
* bsc#1215467
* bsc#1215518
* bsc#1215745
* bsc#1215858
* bsc#1215860
* bsc#1215861
* bsc#1216046

Cross-References:

* CVE-2023-2163
* CVE-2023-3111
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-42754

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves nine vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). 
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: * nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4358=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4358=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4358=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.149.1 * kernel-rt-debugsource-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.149.1 * kernel-rt-debugsource-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.149.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.149.1 * kernel-rt-debugsource-5.3.18-150300.149.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39192.html 
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215467
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215858
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215861
* https://bugzilla.suse.com/show_bug.cgi?id=1216046

From sle-security-updates at lists.suse.com Mon Nov 6 08:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 08:30:03 -0000
Subject: SUSE-SU-2023:4368-1: important: Security update for gstreamer-plugins-bad
Message-ID: <169925940344.22272.2266363020025866617@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4368-1
Rating: important

References:

* bsc#1215793

Cross-References:

* CVE-2023-40474

CVSS scores:

* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

* CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4368=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4368=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4368=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4368=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-devel-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * libgstinsertbin-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstinsertbin-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.6.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.6.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-1.8.3-18.6.1 * libgstmpegts-1_0-0-1.8.3-18.6.1 * libgstbadvideo-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.6.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadbase-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-1.8.3-18.6.1 * libgstgl-1_0-0-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * 
libgstphotography-1_0-0-1.8.3-18.6.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadaudio-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.6.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.6.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-1.8.3-18.6.1 * libgstmpegts-1_0-0-1.8.3-18.6.1 * libgstbadvideo-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.6.1 * libgstbadbase-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadbase-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-1.8.3-18.6.1 * libgstgl-1_0-0-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.6.1 * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1 * libgstadaptivedemux-1_0-0-1.8.3-18.6.1 * libgsturidownloader-1_0-0-1.8.3-18.6.1 * libgstphotography-1_0-0-1.8.3-18.6.1 * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadaudio-1_0-0-1.8.3-18.6.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-bad-lang-1.8.3-18.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.6.1 * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.6.1 * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.6.1 * libgstgl-1_0-0-debuginfo-1.8.3-18.6.1 * libgstphotography-1_0-0-debuginfo-1.8.3-18.6.1 * libgstmpegts-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.6.1 * libgstcodecparsers-1_0-0-1.8.3-18.6.1 * libgstmpegts-1_0-0-1.8.3-18.6.1 * libgstbadvideo-1_0-0-1.8.3-18.6.1 * gstreamer-plugins-bad-debugsource-1.8.3-18.6.1 * libgstbasecamerabinsrc-1_0-0-1.8.3-18.6.1 * 
libgstbadbase-1_0-0-debuginfo-1.8.3-18.6.1
  * libgstbadbase-1_0-0-1.8.3-18.6.1
  * gstreamer-plugins-bad-1.8.3-18.6.1
  * libgstgl-1_0-0-1.8.3-18.6.1
  * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.6.1
  * gstreamer-plugins-bad-debuginfo-1.8.3-18.6.1
  * libgstadaptivedemux-1_0-0-1.8.3-18.6.1
  * libgsturidownloader-1_0-0-1.8.3-18.6.1
  * libgstphotography-1_0-0-1.8.3-18.6.1
  * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.6.1
  * libgstbadaudio-1_0-0-1.8.3-18.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * gstreamer-plugins-bad-lang-1.8.3-18.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793

From sle-security-updates at lists.suse.com Mon Nov 6 08:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 08:30:06 -0000
Subject: SUSE-SU-2023:4367-1: important: Security update for apache-ivy
Message-ID: <169925940626.22272.13406007101538961516@smelt2.prg2.suse.org>

# Security update for apache-ivy

Announcement ID: SUSE-SU-2023:4367-1
Rating: important

References:

* bsc#1214422

Cross-References:

* CVE-2022-46751

CVSS scores:

* CVE-2022-46751 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-46751 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance
Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for apache-ivy fixes the following issues: * Upgrade to version 2.5.2 (bsc#1214422) * CVE-2022-46751: Fixed an XML External Entity Injections that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. (bsc#1214422) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4367=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4367=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4367=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4367=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4367=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4367=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4367=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4367=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4367=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4367=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4367=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4367=1 ## Package List: * openSUSE Leap 15.4 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * apache-ivy-javadoc-2.5.2-150200.3.9.1 * openSUSE Leap 15.5 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * apache-ivy-javadoc-2.5.2-150200.3.9.1 * Development Tools Module 15-SP4 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * Development Tools Module 15-SP5 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * apache-ivy-2.5.2-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 
LTSS 15 SP3 (noarch)
  * apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * apache-ivy-2.5.2-150200.3.9.1
* SUSE Enterprise Storage 7.1 (noarch)
  * apache-ivy-2.5.2-150200.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2022-46751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214422

From sle-security-updates at lists.suse.com Mon Nov 6 12:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 12:30:06 -0000
Subject: SUSE-SU-2023:4072-2: important: Security update for the Linux Kernel
Message-ID: <169927380601.13867.5134716320612436981@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4072-2
Rating: important

References:

* bsc#1202845
* bsc#1213808
* bsc#1214928
* bsc#1214940
* bsc#1214941
* bsc#1214942
* bsc#1214943
* bsc#1214944
* bsc#1214950
* bsc#1214951
* bsc#1214954
* bsc#1214957
* bsc#1214986
* bsc#1214988
* bsc#1214992
* bsc#1214993
* bsc#1215322
* bsc#1215877
* bsc#1215894
* bsc#1215895
* bsc#1215896
* bsc#1215911
* bsc#1215915
* bsc#1215916

Cross-References:

* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-2177
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-4155
* CVE-2023-42753
* CVE-2023-42754
* CVE-2023-4389
* CVE-2023-4563
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921
* CVE-2023-5345

CVSS scores:

* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * 
CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves 17 vulnerabilities and has seven security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
* CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
* CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
* CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
* CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
* CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
* CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
* CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
* CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
* CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
* CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

* ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
* ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
* ARM: pxa: remove use of symbol_get() (git-fixes).
* arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
* arm64: module-plts: inline linux/moduleloader.h (git-fixes)
* arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
* arm64: sdei: abort running SDEI handlers during crash (git-fixes)
* arm64: tegra: Update AHUB clock parent and rate (git-fixes)
* arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
* ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
* ASoC: meson: spdifin: start hw on dai probe (git-fixes).
* ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
* ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
* ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
* ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
* ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
* ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
* backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
* blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
* blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
* block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
* Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
* bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
* bpf: Clear the probe_addr for uprobe (git-fixes).
* btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
* drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
* drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
* drm/amd/display: prevent potential division by zero errors (git-fixes).
* drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
* drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
* drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
* drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
* ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
* ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
* ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
* ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
* ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
* ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
* ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
* ext4: Remove ext4 locking of moved directory (bsc#1214957).
* ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
* fs: do not update freeing inode i_io_list (bsc#1214813).
* fs: Establish locking order for unrelated directories (bsc#1214958).
* fs: Lock moved directories (bsc#1214959).
* fs: lockd: avoid possible wrong NULL parameter (git-fixes).
* fs: no need to check source (bsc#1215752).
* fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
* fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
* gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
* gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
* gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
* gve: Changes to add new TX queues (bsc#1214479).
* gve: Control path for DQO-QPL (bsc#1214479).
* gve: fix frag_list chaining (bsc#1214479).
* gve: Fix gve interrupt names (bsc#1214479).
* gve: RX path for DQO-QPL (bsc#1214479).
* gve: trivial spell fix Recive to Receive (bsc#1214479).
* gve: Tx path for DQO-QPL (bsc#1214479).
* gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
* gve: use vmalloc_array and vcalloc (bsc#1214479).
* gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
* hwrng: virtio - add an internal buffer (git-fixes).
* hwrng: virtio - always add a pending request (git-fixes).
* hwrng: virtio - do not wait on cleanup (git-fixes).
* hwrng: virtio - do not waste entropy (git-fixes).
* hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
* i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
* i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
* idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
* Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
* iommu/virtio: Detach domain on endpoint release (git-fixes).
* jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
* jbd2: correct the end of the journal recovery scan range (bsc#1214955).
* jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
* jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
* jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
* jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
* jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
* jbd2: remove t_checkpoint_io_list (bsc#1214946).
* jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
* kabi/severities: ignore mlx4 internal symbols
* kconfig: fix possible buffer overflow (git-fixes).
* kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
* kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist.
* kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
* KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
* KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
* KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
* KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
* KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
* KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
* KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
* KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
* KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
* KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
* loop: Fix use-after-free issues (bsc#1214991).
* loop: loop_set_status_from_info() check before assignment (bsc#1214990).
* mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
* mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
* mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
* mlx4: Delete custom device management logic (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
* mlx4: Move the bond work to the core driver (bsc#1187236).
* mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
* mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
* mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
* mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
* module: Expose module_init_layout_section() (git-fixes)
* net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
* net: mana: Add page pool for RX buffers (bsc#1214040).
* net: mana: Configure hwc timeout from hardware (bsc#1214037).
* net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
* net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
* net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
* NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
* NFS/blocklayout: Use the passed in gfp flags (git-fixes).
* NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
* NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
* NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
* NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
* NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
* NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
* NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
* NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
* NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
* NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
* ntb: Clean up tx tail index on link down (git-fixes).
* ntb: Drop packets when qp link is down (git-fixes).
* ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
* nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
* nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
* nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
* nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
* nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
* PCI: Free released resource after coalescing (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
* platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
* platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
* platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
* platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
* platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
* platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
* powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
* powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
* printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
* pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
* quota: add new helper dquot_active() (bsc#1214998).
* quota: factor out dquot_write_dquot() (bsc#1214995).
* quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
* quota: fix warning in dqgrab() (bsc#1214962).
* quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
* quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
* s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
* s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
* scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
* scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
* scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
* scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
* scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
* scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
* scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
* scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: Remove unused declarations (bsc#1214928).
* scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
* scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
* scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Handle additional SRB status values (git-fixes).
* scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
* selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
* SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
* tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
* tracing: Fix race issue between cpu buffer write and swap (git-fixes).
* tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
* tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
* uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
* udf: Fix extension of the last extent in the file (bsc#1214964).
* udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
* udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
* udf: Fix uninitialized array access for some pathnames (bsc#1214967).
* uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
* usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
* usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
* usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
* usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
* usb: typec: tcpci: clear the fault status bit (git-fixes).
* usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
* vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
* vhost-scsi: unbreak any layout for response (git-fixes).
* vhost: allow batching hint without size (git-fixes).
* vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
* vhost: handle error while adding split ranges to iotlb (git-fixes).
* virtio_net: add checking sq is full inside xdp xmit (git-fixes).
* virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
* virtio_net: reorder some funcs (git-fixes).
* virtio_net: separate the logic of checking whether sq is full (git-fixes).
* virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
* virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
* virtio-net: fix race between set queues and probe (git-fixes).
* virtio-net: set queues after driver_ok (git-fixes).
* virtio-rng: make device ready before making request (git-fixes).
* virtio: acknowledge all features before access (git-fixes).
* vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
* watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
* word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
* x86/alternative: Fix race in try_get_desc() (git-fixes).
* x86/boot/e820: Fix typo in e820.c comment (git-fixes).
* x86/bugs: Reset speculation control settings on init (git-fixes).
* x86/cpu: Add Lunar Lake M (git-fixes).
* x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
* x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
* x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
* x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
* x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
* x86/mce: Retrieve poison range from hardware (git-fixes).
* x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
* x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
* x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
* x86/purgatory: remove PGO flags (git-fixes).
* x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
* x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
* x86/resctl: fix scheduler confusion with 'current' (git-fixes).
* x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
* x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
* x86/rtc: Remove __init for runtime functions (git-fixes).
* x86/sgx: Reduce delay and interference of enclave release (git-fixes).
* x86/srso: Do not probe microcode in a guest (git-fixes).
* x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
* x86/srso: Fix srso_show_state() side effect (git-fixes).
* x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
* x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
* xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
* xprtrdma: Remap Receive buffers after a reconnect (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4072=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * cluster-md-kmp-default-5.14.21-150400.24.92.1
  * kselftests-kmp-default-debuginfo-5.14.21-150400.24.92.1
  * gfs2-kmp-default-5.14.21-150400.24.92.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.92.1
  * kernel-syms-5.14.21-150400.24.92.1
  * kselftests-kmp-default-5.14.21-150400.24.92.1
  * gfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1
  * kernel-default-optional-5.14.21-150400.24.92.1
  * kernel-default-extra-5.14.21-150400.24.92.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1
  * ocfs2-kmp-default-5.14.21-150400.24.92.1
  * kernel-default-devel-5.14.21-150400.24.92.1
  * kernel-default-optional-debuginfo-5.14.21-150400.24.92.1
  * kernel-obs-qa-5.14.21-150400.24.92.1
  * kernel-default-debugsource-5.14.21-150400.24.92.1
  * dlm-kmp-default-5.14.21-150400.24.92.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.92.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.92.1
  * kernel-default-livepatch-5.14.21-150400.24.92.1
  * kernel-obs-build-5.14.21-150400.24.92.1
  * kernel-default-debuginfo-5.14.21-150400.24.92.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.92.1
  * reiserfs-kmp-default-5.14.21-150400.24.92.1
  * kernel-default-extra-debuginfo-5.14.21-150400.24.92.1
  * dlm-kmp-default-debuginfo-5.14.21-150400.24.92.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
  * kernel-debug-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (ppc64le x86_64)
  * kernel-debug-devel-5.14.21-150400.24.92.1
  * kernel-debug-livepatch-devel-5.14.21-150400.24.92.1
  * kernel-debug-debugsource-5.14.21-150400.24.92.1
  * kernel-debug-debuginfo-5.14.21-150400.24.92.1
  * kernel-debug-devel-debuginfo-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.92.1
  * kernel-default-base-rebuild-5.14.21-150400.24.92.1.150400.24.42.1
  * kernel-kvmsmall-debuginfo-5.14.21-150400.24.92.1
  * kernel-kvmsmall-devel-5.14.21-150400.24.92.1
  * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.92.1
  * kernel-kvmsmall-debugsource-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (noarch)
  * kernel-docs-html-5.14.21-150400.24.92.1
  * kernel-source-5.14.21-150400.24.92.1
  * kernel-source-vanilla-5.14.21-150400.24.92.1
  * kernel-macros-5.14.21-150400.24.92.1
  * kernel-devel-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.92.1
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64)
  * dtb-allwinner-5.14.21-150400.24.92.1
  * dtb-altera-5.14.21-150400.24.92.1
  * dtb-marvell-5.14.21-150400.24.92.1
  * dtb-apple-5.14.21-150400.24.92.1
  * kernel-64kb-devel-5.14.21-150400.24.92.1
  * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
  * cluster-md-kmp-64kb-5.14.21-150400.24.92.1
  * kernel-64kb-extra-5.14.21-150400.24.92.1
  * kselftests-kmp-64kb-5.14.21-150400.24.92.1
  * dtb-hisilicon-5.14.21-150400.24.92.1
  * kernel-64kb-debugsource-5.14.21-150400.24.92.1
  * dtb-freescale-5.14.21-150400.24.92.1
  * dtb-apm-5.14.21-150400.24.92.1
  * dtb-amd-5.14.21-150400.24.92.1
  * dtb-arm-5.14.21-150400.24.92.1
  * dtb-qcom-5.14.21-150400.24.92.1
  * dtb-rockchip-5.14.21-150400.24.92.1
  * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
  * dtb-nvidia-5.14.21-150400.24.92.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.92.1
  * kernel-64kb-optional-5.14.21-150400.24.92.1
  * dtb-amlogic-5.14.21-150400.24.92.1
  * dtb-broadcom-5.14.21-150400.24.92.1
  * dtb-exynos-5.14.21-150400.24.92.1
  * ocfs2-kmp-64kb-5.14.21-150400.24.92.1
  * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
  * reiserfs-kmp-64kb-5.14.21-150400.24.92.1
  * dlm-kmp-64kb-5.14.21-150400.24.92.1
  * dtb-lg-5.14.21-150400.24.92.1
  * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
  * dtb-renesas-5.14.21-150400.24.92.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.92.1
  * dtb-amazon-5.14.21-150400.24.92.1
  * dtb-socionext-5.14.21-150400.24.92.1
  * dtb-cavium-5.14.21-150400.24.92.1
  * kernel-64kb-optional-debuginfo-5.14.21-150400.24.92.1
  * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
  * dtb-xilinx-5.14.21-150400.24.92.1
  * kernel-64kb-livepatch-devel-5.14.21-150400.24.92.1
  * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
  * kernel-64kb-extra-debuginfo-5.14.21-150400.24.92.1
  * dtb-mediatek-5.14.21-150400.24.92.1
  * dtb-sprd-5.14.21-150400.24.92.1
  * gfs2-kmp-64kb-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (nosrc)
  * dtb-aarch64-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.92.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-1859.html
* https://www.suse.com/security/cve/CVE-2023-2177.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-4155.html
* https://www.suse.com/security/cve/CVE-2023-42753.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-4389.html
* https://www.suse.com/security/cve/CVE-2023-4563.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202845
* https://bugzilla.suse.com/show_bug.cgi?id=1213808
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1214940
* https://bugzilla.suse.com/show_bug.cgi?id=1214941
* https://bugzilla.suse.com/show_bug.cgi?id=1214942
* https://bugzilla.suse.com/show_bug.cgi?id=1214943
* https://bugzilla.suse.com/show_bug.cgi?id=1214944
* https://bugzilla.suse.com/show_bug.cgi?id=1214950
* https://bugzilla.suse.com/show_bug.cgi?id=1214951
* https://bugzilla.suse.com/show_bug.cgi?id=1214954
* https://bugzilla.suse.com/show_bug.cgi?id=1214957
* https://bugzilla.suse.com/show_bug.cgi?id=1214986
* https://bugzilla.suse.com/show_bug.cgi?id=1214988
* https://bugzilla.suse.com/show_bug.cgi?id=1214992
* https://bugzilla.suse.com/show_bug.cgi?id=1214993
* https://bugzilla.suse.com/show_bug.cgi?id=1215322
* https://bugzilla.suse.com/show_bug.cgi?id=1215877
* https://bugzilla.suse.com/show_bug.cgi?id=1215894
* https://bugzilla.suse.com/show_bug.cgi?id=1215895
* https://bugzilla.suse.com/show_bug.cgi?id=1215896
* https://bugzilla.suse.com/show_bug.cgi?id=1215911
* https://bugzilla.suse.com/show_bug.cgi?id=1215915
* https://bugzilla.suse.com/show_bug.cgi?id=1215916

From sle-security-updates at lists.suse.com Mon Nov 6 12:30:08 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 12:30:08 -0000
Subject: SUSE-SU-2023:4374-1: important: Security update for nodejs12
Message-ID: <169927380894.13867.1102276159910575594@smelt2.prg2.suse.org>

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4374-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4374=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4374=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4374=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4374=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* openSUSE Leap 15.4 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

From sle-security-updates at lists.suse.com Mon Nov 6 12:30:11 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 12:30:11 -0000
Subject: SUSE-SU-2023:4373-1: important: Security update for nodejs12
Message-ID: <169927381187.13867.6322504851471386097@smelt2.prg2.suse.org>

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4373-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4373=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4373=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4373=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4373=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4373=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4373=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4373=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4373=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * corepack14-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* openSUSE Leap 15.4 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Manager Server 4.2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

From sle-security-updates at lists.suse.com Mon Nov 6 12:30:19 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 12:30:19 -0000
Subject: SUSE-SU-2023:4372-1: important: Security update for util-linux
Message-ID: <169927381965.13867.15627889142507279347@smelt2.prg2.suse.org>

# Security update for util-linux

Announcement ID: SUSE-SU-2023:4372-1
Rating: important

References:

* bsc#1213865

Cross-References:

* CVE-2018-7738

CVSS scores:

* CVE-2018-7738 ( SUSE ): 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2018-7738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5

An update that solves one vulnerability can now be installed.
## Description: This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4372=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4372=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-libmount-debugsource-2.31.1-150000.9.24.1 * python-libmount-debuginfo-2.31.1-150000.9.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-libmount-debugsource-2.31.1-150000.9.24.1 * python-libmount-debuginfo-2.31.1-150000.9.24.1 ## References: * https://www.suse.com/security/cve/CVE-2018-7738.html * https://bugzilla.suse.com/show_bug.cgi?id=1213865
From sle-security-updates at lists.suse.com Mon Nov 6 12:30:22 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:22 -0000 Subject: SUSE-SU-2023:4371-1: moderate: Security update for tiff Message-ID: <169927382299.13867.1274256849973764125@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4371-1 Rating: moderate References: * bsc#1212535 * bsc#1212881 * bsc#1212883 * bsc#1212888 * bsc#1213273 * bsc#1213274 * bsc#1213589 * bsc#1213590 * bsc#1214574 Cross-References: * CVE-2020-18768 * CVE-2023-25433 * CVE-2023-26966 * CVE-2023-2908 * CVE-2023-3316 * CVE-2023-3576 * CVE-2023-3618 * CVE-2023-38288 * CVE-2023-38289 CVSS scores: * CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-38289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise
Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). * CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). * CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). * CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). * CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) * CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). * CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). * CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). * CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4371=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4371=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4371=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4371=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libtiff-devel-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * tiff-4.0.9-44.71.1 * libtiff5-debuginfo-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * libtiff5-4.0.9-44.71.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.71.1 * libtiff5-32bit-4.0.9-44.71.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * tiff-4.0.9-44.71.1 * libtiff5-debuginfo-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * libtiff5-4.0.9-44.71.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.71.1 * libtiff5-32bit-4.0.9-44.71.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * tiff-4.0.9-44.71.1 * libtiff5-debuginfo-4.0.9-44.71.1 * tiff-debuginfo-4.0.9-44.71.1 * tiff-debugsource-4.0.9-44.71.1 * libtiff5-4.0.9-44.71.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libtiff5-debuginfo-32bit-4.0.9-44.71.1 * libtiff5-32bit-4.0.9-44.71.1 ## References: * https://www.suse.com/security/cve/CVE-2020-18768.html * https://www.suse.com/security/cve/CVE-2023-25433.html * https://www.suse.com/security/cve/CVE-2023-26966.html * https://www.suse.com/security/cve/CVE-2023-2908.html * 
https://www.suse.com/security/cve/CVE-2023-3316.html * https://www.suse.com/security/cve/CVE-2023-3576.html * https://www.suse.com/security/cve/CVE-2023-3618.html * https://www.suse.com/security/cve/CVE-2023-38288.html * https://www.suse.com/security/cve/CVE-2023-38289.html * https://bugzilla.suse.com/show_bug.cgi?id=1212535 * https://bugzilla.suse.com/show_bug.cgi?id=1212881 * https://bugzilla.suse.com/show_bug.cgi?id=1212883 * https://bugzilla.suse.com/show_bug.cgi?id=1212888 * https://bugzilla.suse.com/show_bug.cgi?id=1213273 * https://bugzilla.suse.com/show_bug.cgi?id=1213274 * https://bugzilla.suse.com/show_bug.cgi?id=1213589 * https://bugzilla.suse.com/show_bug.cgi?id=1213590 * https://bugzilla.suse.com/show_bug.cgi?id=1214574 From sle-security-updates at lists.suse.com Mon Nov 6 12:30:26 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 06 Nov 2023 12:30:26 -0000 Subject: SUSE-SU-2023:4370-1: moderate: Security update for tiff Message-ID: <169927382601.13867.4204664272214104824@smelt2.prg2.suse.org> # Security update for tiff Announcement ID: SUSE-SU-2023:4370-1 Rating: moderate References: * bsc#1212535 * bsc#1212881 * bsc#1212883 * bsc#1212888 * bsc#1213273 * bsc#1213274 * bsc#1213589 * bsc#1213590 * bsc#1214574 Cross-References: * CVE-2020-18768 * CVE-2023-25433 * CVE-2023-26966 * CVE-2023-2908 * CVE-2023-3316 * CVE-2023-3576 * CVE-2023-3618 * CVE-2023-38288 * CVE-2023-38289 CVSS scores: * CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( SUSE ): 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3316 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-3618 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-38289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). 
* CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). * CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). * CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). * CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) * CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). * CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). * CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). * CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4370=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4370=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4370=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4370=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4370=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4370=1 * Basesystem Module 15-SP5 zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP5-2023-4370=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4370=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4370=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * openSUSE Leap 15.4 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * libtiff-devel-32bit-4.0.9-150000.45.32.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * openSUSE Leap 15.5 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * libtiff-devel-32bit-4.0.9-150000.45.32.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro for Rancher 
5.3 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libtiff5-debuginfo-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * Basesystem Module 15-SP4 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.32.1 * libtiff5-debuginfo-4.0.9-150000.45.32.1 * libtiff-devel-4.0.9-150000.45.32.1 * tiff-debuginfo-4.0.9-150000.45.32.1 * libtiff5-4.0.9-150000.45.32.1 * Basesystem Module 15-SP5 (x86_64) * libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1 * libtiff5-32bit-4.0.9-150000.45.32.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * tiff-debuginfo-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * 
tiff-debuginfo-4.0.9-150000.45.32.1 * tiff-debugsource-4.0.9-150000.45.32.1 * tiff-4.0.9-150000.45.32.1 ## References: * https://www.suse.com/security/cve/CVE-2020-18768.html * https://www.suse.com/security/cve/CVE-2023-25433.html * https://www.suse.com/security/cve/CVE-2023-26966.html * https://www.suse.com/security/cve/CVE-2023-2908.html * https://www.suse.com/security/cve/CVE-2023-3316.html * https://www.suse.com/security/cve/CVE-2023-3576.html * https://www.suse.com/security/cve/CVE-2023-3618.html * https://www.suse.com/security/cve/CVE-2023-38288.html * https://www.suse.com/security/cve/CVE-2023-38289.html * https://bugzilla.suse.com/show_bug.cgi?id=1212535 * https://bugzilla.suse.com/show_bug.cgi?id=1212881 * https://bugzilla.suse.com/show_bug.cgi?id=1212883 * https://bugzilla.suse.com/show_bug.cgi?id=1212888 * https://bugzilla.suse.com/show_bug.cgi?id=1213273 * https://bugzilla.suse.com/show_bug.cgi?id=1213274 * https://bugzilla.suse.com/show_bug.cgi?id=1213589 * https://bugzilla.suse.com/show_bug.cgi?id=1213590 * https://bugzilla.suse.com/show_bug.cgi?id=1214574
From sle-security-updates at lists.suse.com Mon Nov 6 16:30:06 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4377-1: important: Security update for the Linux Kernel Message-ID: <169928820656.2730.2284166800460016564@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4377-1 Rating: important References: * bsc#1210778 * bsc#1210853 * bsc#1212051 * bsc#1215467 * bsc#1215518 * bsc#1215745 * bsc#1215858 * bsc#1215860 * bsc#1215861 * bsc#1216046 * bsc#1216051 * bsc#1216134 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-3111 * CVE-2023-34324 * CVE-2023-39189 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 * CVE-2023-45862 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 10 vulnerabilities and has two security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
(bsc#1216046) * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: * KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). * bpf: propagate precision in ALU/ALU64 operations (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4377=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-4377=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4377=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4377=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4377=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_169-default-debuginfo-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_169-default-1-150200.5.3.1 * kernel-livepatch-SLE15-SP2_Update_42-debugsource-1-150200.5.3.1 * 
kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-default-livepatch-devel-5.3.18-150200.24.169.1 * kernel-default-livepatch-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.169.1 * gfs2-kmp-default-5.3.18-150200.24.169.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.169.1 * dlm-kmp-default-5.3.18-150200.24.169.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.169.1 * cluster-md-kmp-default-5.3.18-150200.24.169.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * ocfs2-kmp-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.169.1 * kernel-preempt-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.169.1 * kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1 * kernel-preempt-devel-5.3.18-150200.24.169.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-debuginfo-5.3.18-150200.24.169.1 * kernel-default-devel-5.3.18-150200.24.169.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-preempt-debugsource-5.3.18-150200.24.169.1 * kernel-syms-5.3.18-150200.24.169.1 * kernel-obs-build-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.169.1 * kernel-devel-5.3.18-150200.24.169.1 * kernel-macros-5.3.18-150200.24.169.1 * SUSE Linux Enterprise High Performance Computing 
15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.169.1 * kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1 * reiserfs-kmp-default-5.3.18-150200.24.169.1 * kernel-default-devel-5.3.18-150200.24.169.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.169.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-syms-5.3.18-150200.24.169.1 * kernel-obs-build-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.169.1 * kernel-devel-5.3.18-150200.24.169.1 * kernel-macros-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.169.1 * kernel-preempt-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.169.1 * kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1 * reiserfs-kmp-default-5.3.18-150200.24.169.1 * kernel-default-devel-5.3.18-150200.24.169.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.169.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.169.1 * 
kernel-default-debuginfo-5.3.18-150200.24.169.1 * kernel-default-debugsource-5.3.18-150200.24.169.1 * kernel-syms-5.3.18-150200.24.169.1 * kernel-obs-build-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-source-5.3.18-150200.24.169.1 * kernel-devel-5.3.18-150200.24.169.1 * kernel-macros-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.169.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.169.1 * kernel-preempt-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.169.1 * kernel-preempt-devel-5.3.18-150200.24.169.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-45862.html * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215745 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1216046 * 
https://bugzilla.suse.com/show_bug.cgi?id=1216051 * https://bugzilla.suse.com/show_bug.cgi?id=1216134 From sle-security-updates at lists.suse.com Mon Nov 6 16:30:09 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4381-1: important: Security update for squid Message-ID: <169928820916.2730.16774385487356324962@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4381-1 Rating: important References: * bsc#1216495 * bsc#1216498 * bsc#1216500 * bsc#1216803 Cross-References: * CVE-2023-46724 * CVE-2023-46846 * CVE-2023-46847 * CVE-2023-46848 CVSS scores: * CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N * CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). * CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). * CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). * CVE-2023-46848: Denial of Service in FTP (bsc#1216498).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squid-debugsource-4.17-4.30.1 * squid-debuginfo-4.17-4.30.1 * squid-4.17-4.30.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-4.30.1 * squid-debuginfo-4.17-4.30.1 * squid-4.17-4.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squid-debugsource-4.17-4.30.1 * squid-debuginfo-4.17-4.30.1 * squid-4.17-4.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46724.html * https://www.suse.com/security/cve/CVE-2023-46846.html * https://www.suse.com/security/cve/CVE-2023-46847.html * https://www.suse.com/security/cve/CVE-2023-46848.html * https://bugzilla.suse.com/show_bug.cgi?id=1216495 * https://bugzilla.suse.com/show_bug.cgi?id=1216498 * https://bugzilla.suse.com/show_bug.cgi?id=1216500 * https://bugzilla.suse.com/show_bug.cgi?id=1216803
URL: From sle-security-updates at lists.suse.com Mon Nov 6 16:30:12 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4380-1: important: Security update for squid Message-ID: <169928821273.2730.8309801461842317330@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4380-1 Rating: important References: * bsc#1216495 * bsc#1216498 * bsc#1216500 * bsc#1216803 Cross-References: * CVE-2023-46724 * CVE-2023-46846 * CVE-2023-46847 * CVE-2023-46848 CVSS scores: * CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N * CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. 
## Description: This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). * CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). * CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). * CVE-2023-46848: Denial of Service in FTP (bsc#1216498). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4380=1 openSUSE-SLE-15.4-2023-4380=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4380=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4380=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4380=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.12.1 * squid-debugsource-5.7-150400.3.12.1 * squid-debuginfo-5.7-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46724.html * https://www.suse.com/security/cve/CVE-2023-46846.html * https://www.suse.com/security/cve/CVE-2023-46847.html * https://www.suse.com/security/cve/CVE-2023-46848.html * https://bugzilla.suse.com/show_bug.cgi?id=1216495 * https://bugzilla.suse.com/show_bug.cgi?id=1216498 * https://bugzilla.suse.com/show_bug.cgi?id=1216500 * 
https://bugzilla.suse.com/show_bug.cgi?id=1216803 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Mon Nov 6 16:30:19 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 06 Nov 2023 16:30:19 -0000 Subject: SUSE-SU-2023:4378-1: important: Security update for the Linux Kernel Message-ID: <169928821946.2730.15277297997312811021@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4378-1 Rating: important References: * bsc#1208788 * bsc#1210778 * bsc#1211307 * bsc#1212423 * bsc#1212649 * bsc#1213705 * bsc#1213772 * bsc#1214842 * bsc#1215095 * bsc#1215104 * bsc#1215518 * bsc#1215955 * bsc#1215956 * bsc#1215957 * bsc#1215986 * bsc#1216062 * bsc#1216345 * bsc#1216510 * bsc#1216511 * bsc#1216512 * bsc#1216621 Cross-References: * CVE-2023-2163 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39193 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 

Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves seven vulnerabilities and has 14 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter nf_tables component that could be exploited to achieve local privilege escalation. (bsc#1215095)

The following non-security bugs were fixed:

* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4378=1 SUSE-2023-4378=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4378=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4378=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4378=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4378=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4378=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4378=1
  Please note that this is the initial kernel livepatch without fixes itself; this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4378=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4378=1

## Package List:

* openSUSE Leap 15.4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (noarch)
  * kernel-devel-5.14.21-150400.24.97.1
  * kernel-source-5.14.21-150400.24.97.1
  * kernel-source-vanilla-5.14.21-150400.24.97.1
  * kernel-macros-5.14.21-150400.24.97.1
  * kernel-docs-html-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
  * kernel-debug-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (ppc64le x86_64)
  * kernel-debug-debuginfo-5.14.21-150400.24.97.1
  * kernel-debug-devel-5.14.21-150400.24.97.1
  * kernel-debug-debugsource-5.14.21-150400.24.97.1
  * kernel-debug-livepatch-devel-5.14.21-150400.24.97.1
  * kernel-debug-devel-debuginfo-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
  * kernel-default-base-rebuild-5.14.21-150400.24.97.1.150400.24.44.2
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.97.1
  * kernel-kvmsmall-devel-5.14.21-150400.24.97.1
  * kernel-kvmsmall-debugsource-5.14.21-150400.24.97.1
  * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * dlm-kmp-default-5.14.21-150400.24.97.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.97.1
  * gfs2-kmp-default-5.14.21-150400.24.97.1
  * kernel-default-extra-5.14.21-150400.24.97.1
  * kernel-default-extra-debuginfo-5.14.21-150400.24.97.1
  * kernel-obs-qa-5.14.21-150400.24.97.1
  * cluster-md-kmp-default-5.14.21-150400.24.97.1
  * kernel-default-devel-5.14.21-150400.24.97.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.97.1
  * gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.97.1
  * kernel-default-optional-debuginfo-5.14.21-150400.24.97.1
  * ocfs2-kmp-default-5.14.21-150400.24.97.1
  * kernel-syms-5.14.21-150400.24.97.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * reiserfs-kmp-default-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
  * kernel-default-optional-5.14.21-150400.24.97.1
  * kselftests-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-livepatch-5.14.21-150400.24.97.1
  * kselftests-kmp-default-5.14.21-150400.24.97.1
  * kernel-obs-build-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2
  * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2
  * kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2
* openSUSE Leap 15.4 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (nosrc)
  * dtb-aarch64-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64)
  * kernel-64kb-extra-5.14.21-150400.24.97.1
  * dtb-xilinx-5.14.21-150400.24.97.1
  * dtb-socionext-5.14.21-150400.24.97.1
  * ocfs2-kmp-64kb-5.14.21-150400.24.97.1
  * dtb-sprd-5.14.21-150400.24.97.1
  * dlm-kmp-64kb-5.14.21-150400.24.97.1
  * dtb-allwinner-5.14.21-150400.24.97.1
  * reiserfs-kmp-64kb-5.14.21-150400.24.97.1
  * dtb-amd-5.14.21-150400.24.97.1
  * dtb-exynos-5.14.21-150400.24.97.1
  * dtb-mediatek-5.14.21-150400.24.97.1
  * dtb-arm-5.14.21-150400.24.97.1
  * dtb-altera-5.14.21-150400.24.97.1
  * dtb-lg-5.14.21-150400.24.97.1
  * dtb-renesas-5.14.21-150400.24.97.1
  * dtb-freescale-5.14.21-150400.24.97.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.97.1
  * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
  * dtb-qcom-5.14.21-150400.24.97.1
  * dtb-marvell-5.14.21-150400.24.97.1
  * dtb-cavium-5.14.21-150400.24.97.1
  * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
  * gfs2-kmp-64kb-5.14.21-150400.24.97.1
  * kernel-64kb-optional-5.14.21-150400.24.97.1
  * cluster-md-kmp-64kb-5.14.21-150400.24.97.1
  * dtb-apm-5.14.21-150400.24.97.1
  * kernel-64kb-optional-debuginfo-5.14.21-150400.24.97.1
  * kernel-64kb-livepatch-devel-5.14.21-150400.24.97.1
  * dtb-rockchip-5.14.21-150400.24.97.1
  * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
  * dtb-hisilicon-5.14.21-150400.24.97.1
  * dtb-amlogic-5.14.21-150400.24.97.1
  * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
  * dtb-amazon-5.14.21-150400.24.97.1
  * kselftests-kmp-64kb-5.14.21-150400.24.97.1
  * dtb-apple-5.14.21-150400.24.97.1
  * dtb-nvidia-5.14.21-150400.24.97.1
  * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
  * kernel-64kb-devel-5.14.21-150400.24.97.1
  * dtb-broadcom-5.14.21-150400.24.97.1
  * kernel-64kb-extra-debuginfo-5.14.21-150400.24.97.1
  * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1
  * kernel-64kb-debugsource-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
  * kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64)
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1
  * kernel-64kb-debugsource-5.14.21-150400.24.97.1
  * kernel-64kb-devel-5.14.21-150400.24.97.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
  * kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-5.14.21-150400.24.97.1
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (noarch)
  * kernel-macros-5.14.21-150400.24.97.1
  * kernel-devel-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-5.14.21-150400.24.97.1
  * kernel-syms-5.14.21-150400.24.97.1
  * kernel-obs-build-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (noarch)
  * kernel-source-5.14.21-150400.24.97.1
* Legacy Module 15-SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.97.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-5.14.21-150400.24.97.1
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.97.1
  * kernel-default-debugsource-5.14.21-150400.24.97.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.97.1
  * kernel-default-livepatch-5.14.21-150400.24.97.1
  * kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2
  * kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2
  * 
kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debuginfo-5.14.21-150400.24.97.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 * gfs2-kmp-default-5.14.21-150400.24.97.1 * ocfs2-kmp-default-5.14.21-150400.24.97.1 * cluster-md-kmp-default-5.14.21-150400.24.97.1 * dlm-kmp-default-5.14.21-150400.24.97.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.97.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-5.14.21-150400.24.97.1 * kernel-default-debuginfo-5.14.21-150400.24.97.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.97.1 * kernel-default-debugsource-5.14.21-150400.24.97.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2163.html * https://www.suse.com/security/cve/CVE-2023-31085.html * https://www.suse.com/security/cve/CVE-2023-34324.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39189.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-5178.html * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210778 * https://bugzilla.suse.com/show_bug.cgi?id=1211307 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212649 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1214842 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215104 * https://bugzilla.suse.com/show_bug.cgi?id=1215518 * https://bugzilla.suse.com/show_bug.cgi?id=1215955 * https://bugzilla.suse.com/show_bug.cgi?id=1215956 * https://bugzilla.suse.com/show_bug.cgi?id=1215957 * https://bugzilla.suse.com/show_bug.cgi?id=1215986 * https://bugzilla.suse.com/show_bug.cgi?id=1216062 * https://bugzilla.suse.com/show_bug.cgi?id=1216345 * https://bugzilla.suse.com/show_bug.cgi?id=1216510 * https://bugzilla.suse.com/show_bug.cgi?id=1216511 * https://bugzilla.suse.com/show_bug.cgi?id=1216512 * https://bugzilla.suse.com/show_bug.cgi?id=1216621

From sle-security-updates at lists.suse.com Mon Nov 6 16:30:23 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 16:30:23 -0000
Subject: SUSE-SU-2023:4376-1: important: Security update for redis
Message-ID: <169928822308.2730.7897919929764824690@smelt2.prg2.suse.org>

# Security update for redis

Announcement ID: SUSE-SU-2023:4376-1
Rating: important

References:

* bsc#1216376

Cross-References:

* CVE-2023-45145

CVSS scores:

* CVE-2023-45145 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45145 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for redis fixes the following issues:

* CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4376=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4376=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4376=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4376=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4376=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4376=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4376=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4376=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4376=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4376=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4376=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Manager Proxy 4.2 (x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * redis-debuginfo-6.0.14-150200.6.29.1
  * redis-6.0.14-150200.6.29.1
  * redis-debugsource-6.0.14-150200.6.29.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216376

From sle-security-updates at lists.suse.com Mon Nov 6 16:30:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 06 Nov 2023 16:30:31 -0000
Subject: SUSE-SU-2023:4375-1: important: Security update for the Linux Kernel
Message-ID: <169928823191.2730.4792187570604937007@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4375-1
Rating: important

References:

* bsc#1208788
* bsc#1211162
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1213772
* bsc#1214754
* bsc#1214874
* bsc#1215095
* bsc#1215104
* bsc#1215523
* bsc#1215545
* bsc#1215921
* bsc#1215955
* bsc#1215986
* bsc#1216062
* bsc#1216202
* bsc#1216322
* bsc#1216323
* bsc#1216324
* bsc#1216333
* bsc#1216345
* bsc#1216512
* bsc#1216621
* bsc#802154

Cross-References:

* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39191
* CVE-2023-39193
* CVE-2023-46813
* CVE-2023-5178

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves nine vulnerabilities and has 17 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter: nf_tables component that can be exploited to achieve local privilege escalation. (bsc#1215095)
* CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
* CVE-2023-39193: Fixed an out-of-bounds read in the xtables subsystem (bsc#1215860).
* CVE-2023-5178: Fixed a use-after-free and a double-free flaw that could allow a malicious user to achieve remote code execution. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)

The following non-security bugs were fixed:

* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
* ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
* ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
* ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
* ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
* KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* NFS: Fix O_DIRECT locking issues (bsc#1211162).
* NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
* NFS: Fix a potential data corruption (bsc#1211162).
* NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
* NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
* NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
* NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
* NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
* NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
* NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bonding: Fix extraction of ports from the packet headers (bsc#1214754).
* bonding: Return pointer to data after pull on skb (bsc#1214754).
* bonding: do not assume skb mac_header is set (bsc#1214754).
* bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
* bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
* bpf: Add override check to kprobe multi link attach (git-fixes).
* bpf: Add zero_map_value to zero map value with special fields (git-fixes).
* bpf: Cleanup check_refcount_ok (git-fixes).
* bpf: Fix max stack depth check for async callbacks (git-fixes).
* bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
* bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
* bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
* bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
* bpf: Gate dynptr API behind CAP_BPF (git-fixes).
* bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
* bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
* bpf: Tighten ptr_to_btf_id checks (git-fixes).
* bpf: fix precision propagation verbose logging (git-fixes).
* bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
* bpf: propagate precision across all frames, not just the last one (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* btf: Export bpf_dynptr definition (git-fixes).
* btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
* ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
* ceph: add encryption support to writepage and writepages (jsc#SES-1880).
* ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
* ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
* ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
* ceph: add new mount option to enable sparse reads (jsc#SES-1880).
* ceph: add object version support for sync read (jsc#SES-1880).
* ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
* ceph: add some fscrypt guardrails (jsc#SES-1880).
* ceph: add support for encrypted snapshot names (jsc#SES-1880).
* ceph: add support to readdir for encrypted names (jsc#SES-1880).
* ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
* ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
* ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
* ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
* ceph: decode alternate_name in lease info (jsc#SES-1880).
* ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
* ceph: drop messages from MDS when unmounting (jsc#SES-1880).
* ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
* ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
* ceph: fix type promotion bug on 32bit systems (bsc#1216324).
* ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
* ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
* ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
* ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
* ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
* ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
* ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
* ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
* ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
* ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
* ceph: mark directory as non-complete after loading key (jsc#SES-1880).
* ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
* ceph: plumb in decryption during reads (jsc#SES-1880).
* ceph: preallocate inode for ops that may create one (jsc#SES-1880).
* ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
* ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
* ceph: send alternate_name in MClientRequest (jsc#SES-1880).
* ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
* ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
* ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
* ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
* ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
* ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
* drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
* drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
* drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
* drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
* drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
* drm/atomic-helper: relax unregistered connector check (git-fixes).
* drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
* drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
* drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
* fix x86/mm: print the encryption features in hyperv is disabled
* fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
* fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
* iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* intel x86 platform vsec kABI workaround (bsc#1216202).
* io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
* io_uring/rw: defer fsnotify calls to task context (git-fixes).
* io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
* io_uring/rw: remove leftover debug statement (git-fixes).
* io_uring: Replace 0-length array with flexible array (git-fixes).
* io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
* io_uring: fix fdinfo sqe offsets calculation (git-fixes).
* io_uring: fix memory leak when removing provided buffers (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
* kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
* libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
* libceph: add sparse read support to OSD client (jsc#SES-1880).
* libceph: add sparse read support to msgr1 (jsc#SES-1880).
* libceph: add spinlock around osd->o_requests (jsc#SES-1880).
* libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
* libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
* libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
* libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
* libceph: use kernel_connect() (bsc#1216323).
* misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
* net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
* net: use sk_is_tcp() in more places (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
* platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
* platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
* platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
* platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
* platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
* r8152: Release firmware if we have an error in probe (git-fixes).
* r8152: Run the unload routine if we have errors during probe (git-fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
* scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
* scsi: iscsi: Add length check for nlattr payload (git-fixes).
* scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
* scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
* scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
* scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
* scsi: pm8001: Setup IRQs on resume (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
* selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
* selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
* selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
* thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* treewide: Spelling fix in comment (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
* usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
* x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xhci: Keep interrupt disabled in initialization until host is running (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4375=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4375=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4375=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-4375=1 openSUSE-SLE-15.5-2023-4375=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4375=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4375=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4375=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4375=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-default-livepatch-5.14.21-150500.55.36.1
  * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1
  * kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-livepatch-devel-5.14.21-150500.55.36.1
  * kernel-default-debugsource-5.14.21-150500.55.36.1
  * kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * ocfs2-kmp-default-5.14.21-150500.55.36.1
  * dlm-kmp-default-5.14.21-150500.55.36.1
  * cluster-md-kmp-default-5.14.21-150500.55.36.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-debugsource-5.14.21-150500.55.36.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * gfs2-kmp-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.36.1
  * kernel-default-extra-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-extra-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (noarch nosrc)
  * kernel-docs-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (noarch)
  * kernel-devel-5.14.21-150500.55.36.1
  * kernel-source-vanilla-5.14.21-150500.55.36.1
  * kernel-docs-html-5.14.21-150500.55.36.1
  * kernel-source-5.14.21-150500.55.36.1
  * kernel-macros-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
  * kernel-debug-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (ppc64le x86_64)
  * kernel-debug-devel-debuginfo-5.14.21-150500.55.36.1
  * kernel-debug-debuginfo-5.14.21-150500.55.36.1
  * kernel-debug-devel-5.14.21-150500.55.36.1
  * kernel-debug-livepatch-devel-5.14.21-150500.55.36.1
  * kernel-debug-debugsource-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-default-vdso-debuginfo-5.14.21-150500.55.36.1
  * kernel-kvmsmall-vdso-5.14.21-150500.55.36.1
  * kernel-debug-vdso-5.14.21-150500.55.36.1
  * kernel-default-vdso-5.14.21-150500.55.36.1
  * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.36.1
  * kernel-debug-vdso-debuginfo-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-devel-5.14.21-150500.55.36.1
  * kernel-kvmsmall-debugsource-5.14.21-150500.55.36.1
  * kernel-default-base-rebuild-5.14.21-150500.55.36.1.150500.6.15.3
  * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.36.1
  * kernel-kvmsmall-debuginfo-5.14.21-150500.55.36.1
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-qa-5.14.21-150500.55.36.1
  * kselftests-kmp-default-5.14.21-150500.55.36.1
  * gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-devel-5.14.21-150500.55.36.1
  * reiserfs-kmp-default-5.14.21-150500.55.36.1
  * kernel-obs-build-debugsource-5.14.21-150500.55.36.1
  * kernel-default-optional-debuginfo-5.14.21-150500.55.36.1
  * kernel-obs-build-5.14.21-150500.55.36.1
  * dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-livepatch-5.14.21-150500.55.36.1
  * kernel-default-extra-5.14.21-150500.55.36.1
  * cluster-md-kmp-default-5.14.21-150500.55.36.1
  * kernel-default-livepatch-devel-5.14.21-150500.55.36.1
  * kselftests-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * ocfs2-kmp-default-5.14.21-150500.55.36.1
  * dlm-kmp-default-5.14.21-150500.55.36.1
  * kernel-default-devel-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-syms-5.14.21-150500.55.36.1
  * gfs2-kmp-default-5.14.21-150500.55.36.1
  * kernel-default-optional-5.14.21-150500.55.36.1
  * kernel-default-extra-debuginfo-5.14.21-150500.55.36.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-debugsource-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1
  * kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1
  * kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1
* openSUSE Leap 15.5 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1
  * kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (nosrc)
  * dtb-aarch64-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64)
  * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
  * kernel-64kb-debugsource-5.14.21-150500.55.36.1
  * ocfs2-kmp-64kb-5.14.21-150500.55.36.1
  * reiserfs-kmp-64kb-5.14.21-150500.55.36.1
  * kernel-64kb-extra-debuginfo-5.14.21-150500.55.36.1
  * kernel-64kb-optional-debuginfo-5.14.21-150500.55.36.1
  * dtb-allwinner-5.14.21-150500.55.36.1
  * kernel-64kb-livepatch-devel-5.14.21-150500.55.36.1
  * dtb-arm-5.14.21-150500.55.36.1
  * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
  * kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1
  * dtb-rockchip-5.14.21-150500.55.36.1
  * dtb-socionext-5.14.21-150500.55.36.1
  * dtb-altera-5.14.21-150500.55.36.1
  * kernel-64kb-devel-5.14.21-150500.55.36.1
  * dtb-broadcom-5.14.21-150500.55.36.1
  * dtb-cavium-5.14.21-150500.55.36.1
  * dtb-freescale-5.14.21-150500.55.36.1
  * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
  * dtb-lg-5.14.21-150500.55.36.1
  * dtb-amlogic-5.14.21-150500.55.36.1
  * kernel-64kb-debuginfo-5.14.21-150500.55.36.1
  * dlm-kmp-64kb-5.14.21-150500.55.36.1
  * dtb-apple-5.14.21-150500.55.36.1
  * dtb-sprd-5.14.21-150500.55.36.1
  * dtb-renesas-5.14.21-150500.55.36.1
  * dtb-mediatek-5.14.21-150500.55.36.1
  * kernel-64kb-extra-5.14.21-150500.55.36.1
  * gfs2-kmp-64kb-5.14.21-150500.55.36.1
  * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
  * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
  * dtb-qcom-5.14.21-150500.55.36.1
  * dtb-apm-5.14.21-150500.55.36.1
  * dtb-xilinx-5.14.21-150500.55.36.1
  * dtb-nvidia-5.14.21-150500.55.36.1
  * kselftests-kmp-64kb-5.14.21-150500.55.36.1
  * dtb-exynos-5.14.21-150500.55.36.1
  * kernel-64kb-optional-5.14.21-150500.55.36.1
  * dtb-amd-5.14.21-150500.55.36.1
  * dtb-amazon-5.14.21-150500.55.36.1
  * dtb-marvell-5.14.21-150500.55.36.1
  * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
  * cluster-md-kmp-64kb-5.14.21-150500.55.36.1
  * dtb-hisilicon-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.36.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64)
  * kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1
  * kernel-64kb-debugsource-5.14.21-150500.55.36.1
  * kernel-64kb-devel-5.14.21-150500.55.36.1
  * kernel-64kb-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
  * kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.36.1
  * kernel-default-devel-5.14.21-150500.55.36.1
  * kernel-default-devel-debuginfo-5.14.21-150500.55.36.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (noarch)
  * kernel-macros-5.14.21-150500.55.36.1
  * kernel-devel-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (s390x)
  * kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1
  * kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (noarch nosrc)
  * kernel-docs-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-5.14.21-150500.55.36.1
  * kernel-obs-build-5.14.21-150500.55.36.1
  * kernel-syms-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (noarch)
  * kernel-source-5.14.21-150500.55.36.1
* Legacy Module 15-SP5 (nosrc)
  * kernel-default-5.14.21-150500.55.36.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.14.21-150500.55.36.1
  * kernel-default-debuginfo-5.14.21-150500.55.36.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1
  * reiserfs-kmp-default-5.14.21-150500.55.36.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1211162
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214754
* https://bugzilla.suse.com/show_bug.cgi?id=1214874
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215545
* https://bugzilla.suse.com/show_bug.cgi?id=1215921
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216202
* https://bugzilla.suse.com/show_bug.cgi?id=1216322
* https://bugzilla.suse.com/show_bug.cgi?id=1216323
* https://bugzilla.suse.com/show_bug.cgi?id=1216324
* https://bugzilla.suse.com/show_bug.cgi?id=1216333
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
* https://bugzilla.suse.com/show_bug.cgi?id=802154

From sle-security-updates at lists.suse.com Tue Nov 7 08:03:24 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Nov 2023 09:03:24 +0100 (CET)
Subject: SUSE-CU-2023:3695-1: Security update of suse/nginx
Message-ID: <20231107080324.EC468FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3695-1
Container Tags        : suse/nginx:1.21 , suse/nginx:1.21-5.29 , suse/nginx:latest
Container Release     : 5.29
Severity              : moderate
Type                  : security
References            : 1212535 1212881 1212883 1212888 1213273 1213274 1213589 1213590 1214574 CVE-2020-18768 CVE-2023-25433 CVE-2023-26966 CVE-2023-2908 CVE-2023-3316 CVE-2023-3576 CVE-2023-3618 CVE-2023-38288 CVE-2023-38289
-----------------------------------------------------------------

The container suse/nginx was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4370-1
Released:    Mon Nov 6 09:51:10 2023
Summary:     Security update for tiff
Type:        security
Severity:    moderate
References:  1212535,1212881,1212883,1212888,1213273,1213274,1213589,1213590,1214574,CVE-2020-18768,CVE-2023-25433,CVE-2023-26966,CVE-2023-2908,CVE-2023-3316,CVE-2023-3576,CVE-2023-3618,CVE-2023-38288,CVE-2023-38289

This update for tiff fixes the following issues:

- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
The following package changes have been done:

- libtiff5-4.0.9-150000.45.32.1 updated

From sle-security-updates at lists.suse.com Wed Nov 8 12:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 08 Nov 2023 12:30:03 -0000
Subject: SUSE-SU-2023:4384-1: important: Security update for squid
Message-ID: <169944660363.11019.1883503929701139103@smelt2.prg2.suse.org>

# Security update for squid

Announcement ID: SUSE-SU-2023:4384-1
Rating: important

References:

* bsc#1216495
* bsc#1216498
* bsc#1216500
* bsc#1216803

Cross-References:

* CVE-2023-46724
* CVE-2023-46846
* CVE-2023-46847
* CVE-2023-46848

CVSS scores:

* CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
* CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
* CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for squid fixes the following issues:

* CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500).
* CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495).
* CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803).
* CVE-2023-46848: Denial of Service in FTP (bsc#1216498).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4384=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4384=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4384=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4384=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4384=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4384=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4384=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4384=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4384=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4384=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4384=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1
* SUSE CaaS Platform 4.0 (x86_64)
  * squid-debugsource-4.17-150000.5.38.1
  * squid-debuginfo-4.17-150000.5.38.1
  * squid-4.17-150000.5.38.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46724.html
* https://www.suse.com/security/cve/CVE-2023-46846.html
* https://www.suse.com/security/cve/CVE-2023-46847.html
* https://www.suse.com/security/cve/CVE-2023-46848.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216495
* https://bugzilla.suse.com/show_bug.cgi?id=1216498
* https://bugzilla.suse.com/show_bug.cgi?id=1216500
* https://bugzilla.suse.com/show_bug.cgi?id=1216803
URL: From sle-security-updates at lists.suse.com Thu Nov 9 08:30:09 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:30:09 -0000 Subject: SUSE-SU-2023:4412-1: moderate: Maintenance update for SUSE Manager 4.3.9 Release Notes Message-ID: <169951860972.18936.14025656315366476968@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3.9 Release Notes Announcement ID: SUSE-SU-2023:4412-1 Rating: moderate References: * bsc#1204270 * bsc#1211047 * bsc#1211145 * bsc#1211270 * bsc#1211912 * bsc#1212168 * bsc#1212507 * bsc#1213132 * bsc#1213376 * bsc#1213469 * bsc#1213680 * bsc#1213689 * bsc#1214041 * bsc#1214121 * bsc#1214463 * bsc#1214553 * bsc#1214746 * bsc#1215027 * bsc#1215120 * bsc#1215157 * bsc#1215412 * bsc#1215514 * bsc#1216411 * bsc#1216661 * jsc#MSQA-706 * jsc#SUMA-111 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains two features and has 23 security fixes can now be installed. 
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

* Update to SUSE Manager 4.3.9
* Bugs mentioned bsc#1212507, bsc#1216411

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

* Update to SUSE Manager 4.3.9
* Debian 12 support as client
* New Update Notification (jsc#SUMA-111)
* Monitoring: Grafana upgraded to 9.5.8
* Update 'saltkey' endpoints to accept GET instead of POST
* CVEs fixed: CVE-2023-34049
* Bugs mentioned: bsc#1204270, bsc#1211047, bsc#1211145, bsc#1211270, bsc#1211912
  bsc#1212168, bsc#1212507, bsc#1213132, bsc#1213376, bsc#1213469
  bsc#1213680, bsc#1213689, bsc#1214041, bsc#1214121, bsc#1214463
  bsc#1214553, bsc#1214746, bsc#1215027, bsc#1215120, bsc#1215412
  bsc#1215514, bsc#1216661, bsc#1215157

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4412=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4412=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2023-4412=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4412=1

## Package List:

* openSUSE Leap 15.4 (noarch)
    * release-notes-susemanager-4.3.9-150400.3.90.1
    * release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Proxy 4.3 (noarch)
    * release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
    * release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Server 4.3 (noarch)
    * release-notes-susemanager-4.3.9-150400.3.90.1

## References:

* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204270
* https://bugzilla.suse.com/show_bug.cgi?id=1211047
* https://bugzilla.suse.com/show_bug.cgi?id=1211145
* https://bugzilla.suse.com/show_bug.cgi?id=1211270
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1212168
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1213132
* https://bugzilla.suse.com/show_bug.cgi?id=1213376
* https://bugzilla.suse.com/show_bug.cgi?id=1213469
* https://bugzilla.suse.com/show_bug.cgi?id=1213680
* https://bugzilla.suse.com/show_bug.cgi?id=1213689
* https://bugzilla.suse.com/show_bug.cgi?id=1214041
* https://bugzilla.suse.com/show_bug.cgi?id=1214121
* https://bugzilla.suse.com/show_bug.cgi?id=1214463
* https://bugzilla.suse.com/show_bug.cgi?id=1214553
* https://bugzilla.suse.com/show_bug.cgi?id=1214746
* https://bugzilla.suse.com/show_bug.cgi?id=1215027
* https://bugzilla.suse.com/show_bug.cgi?id=1215120
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://bugzilla.suse.com/show_bug.cgi?id=1215412
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1216411
* https://bugzilla.suse.com/show_bug.cgi?id=1216661
* https://jira.suse.com/browse/MSQA-706
* https://jira.suse.com/browse/SUMA-111

From sle-security-updates at lists.suse.com Thu Nov 9 08:31:27 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 09 Nov 2023 08:31:27 -0000
Subject: SUSE-SU-2023:4390-1: important: Security update for salt
Message-ID: <169951868794.18936.15022126452153399965@smelt2.prg2.suse.org>

# Security update for salt

Announcement ID: SUSE-SU-2023:4390-1
Rating: important
References:

* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706

Cross-References:

* CVE-2023-34049

CVSS scores:

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description:

This update for salt fixes the following issues:

Security issues fixed:

* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)

Bugs fixed:

* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targeted sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
* Allow all primitive grain types for autosign_grains (bsc#1214477)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4390=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4390=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4390=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * salt-3006.0-150100.112.1
    * salt-doc-3006.0-150100.112.1
    * salt-api-3006.0-150100.112.1
    * salt-cloud-3006.0-150100.112.1
    * salt-proxy-3006.0-150100.112.1
    * salt-standalone-formulas-configuration-3006.0-150100.112.1
    * salt-transactional-update-3006.0-150100.112.1
    * salt-master-3006.0-150100.112.1
    * salt-minion-3006.0-150100.112.1
    * salt-syndic-3006.0-150100.112.1
    * python3-salt-3006.0-150100.112.1
    * salt-ssh-3006.0-150100.112.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * salt-bash-completion-3006.0-150100.112.1
    * salt-fish-completion-3006.0-150100.112.1
    * salt-zsh-completion-3006.0-150100.112.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * salt-3006.0-150100.112.1
    * salt-doc-3006.0-150100.112.1
    * salt-api-3006.0-150100.112.1
    * salt-cloud-3006.0-150100.112.1
    * salt-proxy-3006.0-150100.112.1
    * salt-standalone-formulas-configuration-3006.0-150100.112.1
    * salt-transactional-update-3006.0-150100.112.1
    * salt-master-3006.0-150100.112.1
    * salt-minion-3006.0-150100.112.1
    * salt-syndic-3006.0-150100.112.1
    * python3-salt-3006.0-150100.112.1
    * salt-ssh-3006.0-150100.112.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * salt-bash-completion-3006.0-150100.112.1
    * salt-fish-completion-3006.0-150100.112.1
    * salt-zsh-completion-3006.0-150100.112.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * salt-3006.0-150100.112.1
    * salt-doc-3006.0-150100.112.1
    * salt-api-3006.0-150100.112.1
    * salt-cloud-3006.0-150100.112.1
    * salt-proxy-3006.0-150100.112.1
    * salt-standalone-formulas-configuration-3006.0-150100.112.1
    * salt-transactional-update-3006.0-150100.112.1
    * salt-master-3006.0-150100.112.1
    * salt-minion-3006.0-150100.112.1
    * salt-syndic-3006.0-150100.112.1
    * python3-salt-3006.0-150100.112.1
    * salt-ssh-3006.0-150100.112.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * salt-bash-completion-3006.0-150100.112.1
    * salt-fish-completion-3006.0-150100.112.1
    * salt-zsh-completion-3006.0-150100.112.1
* SUSE CaaS Platform 4.0 (x86_64)
    * salt-3006.0-150100.112.1
    * salt-doc-3006.0-150100.112.1
    * salt-api-3006.0-150100.112.1
    * salt-cloud-3006.0-150100.112.1
    * salt-proxy-3006.0-150100.112.1
    * salt-standalone-formulas-configuration-3006.0-150100.112.1
    * salt-transactional-update-3006.0-150100.112.1
    * salt-master-3006.0-150100.112.1
    * salt-minion-3006.0-150100.112.1
    * salt-syndic-3006.0-150100.112.1
    * python3-salt-3006.0-150100.112.1
    * salt-ssh-3006.0-150100.112.1
* SUSE CaaS Platform 4.0 (noarch)
    * salt-bash-completion-3006.0-150100.112.1
    * salt-fish-completion-3006.0-150100.112.1
    * salt-zsh-completion-3006.0-150100.112.1

## References:

* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706

From sle-security-updates at lists.suse.com Thu Nov 9 08:31:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 09 Nov 2023 08:31:31 -0000
Subject: SUSE-SU-2023:4389-1: important: Security update for salt
Message-ID: <169951869122.18936.18319979842456985391@smelt2.prg2.suse.org>

# Security update for salt

Announcement ID: SUSE-SU-2023:4389-1
Rating: important
References:

* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706

Cross-References:

* CVE-2023-34049

CVSS scores:

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

Security issues fixed:

* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)

Bugs fixed:

* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targeted sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4389=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4389=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4389=1

## Package List:

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * python3-salt-3006.0-150200.113.1
    * salt-minion-3006.0-150200.113.1
    * salt-standalone-formulas-configuration-3006.0-150200.113.1
    * salt-3006.0-150200.113.1
    * salt-proxy-3006.0-150200.113.1
    * salt-ssh-3006.0-150200.113.1
    * salt-syndic-3006.0-150200.113.1
    * salt-transactional-update-3006.0-150200.113.1
    * salt-master-3006.0-150200.113.1
    * salt-cloud-3006.0-150200.113.1
    * salt-doc-3006.0-150200.113.1
    * salt-api-3006.0-150200.113.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * salt-zsh-completion-3006.0-150200.113.1
    * salt-fish-completion-3006.0-150200.113.1
    * salt-bash-completion-3006.0-150200.113.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * python3-salt-3006.0-150200.113.1
    * salt-minion-3006.0-150200.113.1
    * salt-standalone-formulas-configuration-3006.0-150200.113.1
    * salt-3006.0-150200.113.1
    * salt-proxy-3006.0-150200.113.1
    * salt-ssh-3006.0-150200.113.1
    * salt-syndic-3006.0-150200.113.1
    * salt-transactional-update-3006.0-150200.113.1
    * salt-master-3006.0-150200.113.1
    * salt-cloud-3006.0-150200.113.1
    * salt-doc-3006.0-150200.113.1
    * salt-api-3006.0-150200.113.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * salt-zsh-completion-3006.0-150200.113.1
    * salt-fish-completion-3006.0-150200.113.1
    * salt-bash-completion-3006.0-150200.113.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * python3-salt-3006.0-150200.113.1
    * salt-minion-3006.0-150200.113.1
    * salt-standalone-formulas-configuration-3006.0-150200.113.1
    * salt-3006.0-150200.113.1
    * salt-proxy-3006.0-150200.113.1
    * salt-ssh-3006.0-150200.113.1
    * salt-syndic-3006.0-150200.113.1
    * salt-master-3006.0-150200.113.1
    * salt-cloud-3006.0-150200.113.1
    * salt-doc-3006.0-150200.113.1
    * salt-api-3006.0-150200.113.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * salt-zsh-completion-3006.0-150200.113.1
    * salt-fish-completion-3006.0-150200.113.1
    * salt-bash-completion-3006.0-150200.113.1

## References:

* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706

From sle-security-updates at lists.suse.com Thu Nov 9 08:31:35 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 09 Nov 2023 08:31:35 -0000
Subject: SUSE-SU-2023:4388-1: important: Security update for salt
Message-ID: <169951869516.18936.2626094301237798405@smelt2.prg2.suse.org>

# Security update for salt

Announcement ID: SUSE-SU-2023:4388-1
Rating: important
References:

* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706

Cross-References:

* CVE-2023-34049

CVSS scores:

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

Security issues fixed:

* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)

Bugs fixed:

* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targeted sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-4388=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4388=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4388=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4388=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4388=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4388=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4388=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4388=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4388=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4388=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4388=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4388=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4388=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * python2-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-proxy-3006.0-150300.53.65.2
    * salt-minion-3006.0-150300.53.65.2
    * salt-ssh-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-doc-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-master-3006.0-150300.53.65.2
    * salt-standalone-formulas-configuration-3006.0-150300.53.65.2
    * salt-transactional-update-3006.0-150300.53.65.2
    * salt-api-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * salt-syndic-3006.0-150300.53.65.2
    * python2-simplejson-3.17.2-150300.3.4.1
    * python3-salt-3006.0-150300.53.65.2
    * python3-salt-testsuite-3006.0-150300.53.65.2
    * salt-cloud-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.3 (noarch)
    * salt-bash-completion-3006.0-150300.53.65.2
    * salt-fish-completion-3006.0-150300.53.65.2
    * salt-zsh-completion-3006.0-150300.53.65.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-proxy-3006.0-150300.53.65.2
    * salt-minion-3006.0-150300.53.65.2
    * salt-ssh-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-master-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-standalone-formulas-configuration-3006.0-150300.53.65.2
    * salt-api-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * salt-syndic-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * salt-doc-3006.0-150300.53.65.2
    * salt-cloud-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * salt-bash-completion-3006.0-150300.53.65.2
    * salt-fish-completion-3006.0-150300.53.65.2
    * salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-proxy-3006.0-150300.53.65.2
    * salt-minion-3006.0-150300.53.65.2
    * salt-ssh-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-master-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-standalone-formulas-configuration-3006.0-150300.53.65.2
    * salt-api-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * salt-syndic-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * salt-doc-3006.0-150300.53.65.2
    * salt-cloud-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * salt-bash-completion-3006.0-150300.53.65.2
    * salt-fish-completion-3006.0-150300.53.65.2
    * salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-proxy-3006.0-150300.53.65.2
    * salt-minion-3006.0-150300.53.65.2
    * salt-ssh-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-master-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-standalone-formulas-configuration-3006.0-150300.53.65.2
    * salt-transactional-update-3006.0-150300.53.65.2
    * salt-api-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * salt-syndic-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * salt-doc-3006.0-150300.53.65.2
    * salt-cloud-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * salt-bash-completion-3006.0-150300.53.65.2
    * salt-fish-completion-3006.0-150300.53.65.2
    * salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-proxy-3006.0-150300.53.65.2
    * salt-minion-3006.0-150300.53.65.2
    * salt-ssh-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-master-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-standalone-formulas-configuration-3006.0-150300.53.65.2
    * salt-api-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * salt-syndic-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * salt-doc-3006.0-150300.53.65.2
    * salt-cloud-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * salt-bash-completion-3006.0-150300.53.65.2
    * salt-fish-completion-3006.0-150300.53.65.2
    * salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-proxy-3006.0-150300.53.65.2
    * salt-minion-3006.0-150300.53.65.2
    * salt-ssh-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-master-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-standalone-formulas-configuration-3006.0-150300.53.65.2
    * salt-transactional-update-3006.0-150300.53.65.2
    * salt-api-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * salt-syndic-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * salt-doc-3006.0-150300.53.65.2
    * salt-cloud-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Enterprise Storage 7.1 (noarch)
    * salt-bash-completion-3006.0-150300.53.65.2
    * salt-fish-completion-3006.0-150300.53.65.2
    * salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-minion-3006.0-150300.53.65.2
    * salt-transactional-update-3006.0-150300.53.65.2
    * salt-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-minion-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-transactional-update-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * python3-simplejson-3.17.2-150300.3.4.1
    * salt-minion-3006.0-150300.53.65.2
    * python-simplejson-debugsource-3.17.2-150300.3.4.1
    * salt-transactional-update-3006.0-150300.53.65.2
    * python-simplejson-debuginfo-3.17.2-150300.3.4.1
    * salt-3006.0-150300.53.65.2
    * python3-salt-3006.0-150300.53.65.2
    * python3-simplejson-debuginfo-3.17.2-150300.3.4.1

## References:

* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706

From sle-security-updates at lists.suse.com Thu Nov 9 08:31:40 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 09 Nov 2023 08:31:40 -0000
Subject: SUSE-SU-2023:4387-1: important: Security update for salt
Message-ID: <169951870038.18936.3683575996395406089@smelt2.prg2.suse.org>

# Security update for salt

Announcement ID: SUSE-SU-2023:4387-1
Rating: important
References:

* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706

Cross-References:

* CVE-2023-34049

CVSS scores:

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* Transactional Server Module 15-SP4

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targeted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4387=1 SUSE-2023-4387=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4387=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4387=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4387=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4387=1 * Transactional Server Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-4387=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * salt-master-3006.0-150400.8.49.2 * salt-proxy-3006.0-150400.8.49.2 *
salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * salt-standalone-formulas-configuration-3006.0-150400.8.49.2 * salt-minion-3006.0-150400.8.49.2 * salt-syndic-3006.0-150400.8.49.2 * salt-doc-3006.0-150400.8.49.2 * python3-salt-testsuite-3006.0-150400.8.49.2 * salt-api-3006.0-150400.8.49.2 * salt-cloud-3006.0-150400.8.49.2 * salt-ssh-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * openSUSE Leap 15.4 (noarch) * salt-bash-completion-3006.0-150400.8.49.2 * salt-fish-completion-3006.0-150400.8.49.2 * salt-zsh-completion-3006.0-150400.8.49.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-transactional-update-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * python3-salt-3006.0-150400.8.49.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-minion-3006.0-150400.8.49.2 * salt-doc-3006.0-150400.8.49.2 * salt-3006.0-150400.8.49.2 * 
python3-salt-3006.0-150400.8.49.2 * Basesystem Module 15-SP4 (noarch) * salt-bash-completion-3006.0-150400.8.49.2 * salt-zsh-completion-3006.0-150400.8.49.2 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-master-3006.0-150400.8.49.2 * salt-proxy-3006.0-150400.8.49.2 * salt-standalone-formulas-configuration-3006.0-150400.8.49.2 * salt-syndic-3006.0-150400.8.49.2 * salt-api-3006.0-150400.8.49.2 * salt-cloud-3006.0-150400.8.49.2 * salt-ssh-3006.0-150400.8.49.2 * Server Applications Module 15-SP4 (noarch) * salt-fish-completion-3006.0-150400.8.49.2 * Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150400.8.49.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706
From sle-security-updates at lists.suse.com Thu Nov 9 08:31:44 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 09 Nov 2023 08:31:44 -0000 Subject: SUSE-SU-2023:4386-1: important: Security update for salt Message-ID: <169951870407.18936.4029007668709612306@smelt2.prg2.suse.org> # Security update for salt Announcement ID: SUSE-SU-2023:4386-1 Rating: important References: * bsc#1213293 * bsc#1213518 * bsc#1214477 * bsc#1215157 * jsc#MSQA-706 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * Transactional Server Module 15-SP5 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails (bsc#1213293) * Use salt-call from salt bundle with transactional_update * Only call native_str on curl_debug message in tornado when needed * Implement the calling for batch async from the salt CLI * Fix calculation of SLS context vars when trailing dots on targeted sls/state (bsc#1213518) * Rename salt-tests to python3-salt-testsuite * Allow all primitive grain types for autosign_grains (bsc#1214477) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4386=1 SUSE-2023-4386=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4386=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4386=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4386=1 * Transactional Server Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-4386=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * salt-proxy-3006.0-150500.4.24.2 * salt-standalone-formulas-configuration-3006.0-150500.4.24.2 * salt-3006.0-150500.4.24.2 * salt-cloud-3006.0-150500.4.24.2 * salt-master-3006.0-150500.4.24.2 * salt-api-3006.0-150500.4.24.2 * salt-minion-3006.0-150500.4.24.2 * salt-syndic-3006.0-150500.4.24.2 * python3-salt-3006.0-150500.4.24.2 * salt-transactional-update-3006.0-150500.4.24.2 * salt-doc-3006.0-150500.4.24.2 * python3-salt-testsuite-3006.0-150500.4.24.2 * salt-ssh-3006.0-150500.4.24.2 * openSUSE Leap 15.5 (noarch) * salt-bash-completion-3006.0-150500.4.24.2 * salt-fish-completion-3006.0-150500.4.24.2 * salt-zsh-completion-3006.0-150500.4.24.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * salt-3006.0-150500.4.24.2 * salt-minion-3006.0-150500.4.24.2 * python3-salt-3006.0-150500.4.24.2 * salt-transactional-update-3006.0-150500.4.24.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-doc-3006.0-150500.4.24.2 * salt-3006.0-150500.4.24.2 * salt-minion-3006.0-150500.4.24.2 * python3-salt-3006.0-150500.4.24.2 * Basesystem Module 15-SP5 (noarch) * salt-bash-completion-3006.0-150500.4.24.2 * salt-zsh-completion-3006.0-150500.4.24.2 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-proxy-3006.0-150500.4.24.2 * salt-standalone-formulas-configuration-3006.0-150500.4.24.2 * salt-cloud-3006.0-150500.4.24.2 * 
salt-master-3006.0-150500.4.24.2 * salt-api-3006.0-150500.4.24.2 * salt-syndic-3006.0-150500.4.24.2 * salt-ssh-3006.0-150500.4.24.2 * Server Applications Module 15-SP5 (noarch) * salt-fish-completion-3006.0-150500.4.24.2 * Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150500.4.24.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213293 * https://bugzilla.suse.com/show_bug.cgi?id=1213518 * https://bugzilla.suse.com/show_bug.cgi?id=1214477 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://jira.suse.com/browse/MSQA-706
From sle-security-updates at lists.suse.com Fri Nov 10 10:08:02 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Nov 2023 11:08:02 +0100 (CET) Subject: SUSE-CU-2023:3696-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231110100802.00CB1FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3696-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.2 Container Release : 9.40.2 Severity : important Type : security References : 1204270 1204270 1211047 1211047 1211145 1211145 1211270 1211270 1211912 1211912 1212168 1212168 1212507 1212507 1213132 1213132 1213376 1213376 1213469 1213469 1213680 1213680 1213689 1213689 1214041 1214041 1214121 1214121 1214463 1214463 1214553 1214553 1214746 1214746 1215027 1215027 1215120 1215120 1215157 1215412 1215412 1215514 1215514 1216411 1216411 1216661 1216661 CVE-2023-34049
----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4385-1 Released: Thu Nov 9 03:30:32 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: recommended Severity: important References: 1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215412,1215514,1216411,1216661 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4412-1 Released: Thu Nov 9 03:49:51 2023 Summary: Maintenance update for SUSE Manager 4.3.9 Release Notes Type: security Severity: moderate References: 1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215157,1215412,1215514,1216411,1216661,CVE-2023-34049 Maintenance update for SUSE Manager 4.3.9 Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.9-150400.3.69.1 updated - apache2-mod_wsgi-4.7.1-150400.3.7.7 updated - spacewalk-backend-4.3.24-150400.3.30.16 updated - python3-spacewalk-client-tools-4.3.16-150400.3.18.13 updated - spacewalk-client-tools-4.3.16-150400.3.18.13 updated From sle-security-updates at lists.suse.com Fri Nov 10 20:30:05 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Nov 2023 20:30:05 -0000 Subject: SUSE-SU-2023:4415-1: important: Security update for clamav Message-ID: <169964820527.20587.13781717228525699871@smelt2.prg2.suse.org> # Security update for clamav Announcement ID: 
SUSE-SU-2023:4415-1 Rating: important References: * bsc#1216625 Cross-References: * CVE-2023-40477 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. 
## Description: This update for clamav fixes the following issues: * Updated to version 0.103.11: * CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 (bsc#1216625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4415=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4415=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4415=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4415=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4415=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4415=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4415=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4415=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4415=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4415=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4415=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4415=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4415=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4415=1 * SUSE Manager Proxy 4.2 zypper in -t patch 
SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4415=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4415=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4415=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4415=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 *
libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 
* clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * 
libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Manager Proxy 4.2 (x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 * SUSE CaaS Platform 4.0 (x86_64) * clamav-0.103.11-150000.3.50.1 * clamav-debuginfo-0.103.11-150000.3.50.1 * libclamav9-debuginfo-0.103.11-150000.3.50.1 * libfreshclam2-debuginfo-0.103.11-150000.3.50.1 * clamav-debugsource-0.103.11-150000.3.50.1 * libclamav9-0.103.11-150000.3.50.1 * 
libfreshclam2-0.103.11-150000.3.50.1 * clamav-devel-0.103.11-150000.3.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40477.html * https://bugzilla.suse.com/show_bug.cgi?id=1216625
From sle-security-updates at lists.suse.com Fri Nov 10 20:30:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Nov 2023 20:30:17 -0000 Subject: SUSE-SU-2023:4414-1: important: Security update for the Linux Kernel Message-ID: <169964821742.20587.4635243894358845536@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4414-1 Rating: important References: * bsc#1208788 * bsc#1211162 * bsc#1211307 * bsc#1212423 * bsc#1213705 * bsc#1213772 * bsc#1214754 * bsc#1214874 * bsc#1215104 * bsc#1215523 * bsc#1215545 * bsc#1215921 * bsc#1215955 * bsc#1215986 * bsc#1216062 * bsc#1216202 * bsc#1216322 * bsc#1216323 * bsc#1216324 * bsc#1216333 * bsc#1216345 * bsc#1216512 Cross-References: * CVE-2023-2163 * CVE-2023-2860 * CVE-2023-31085 * CVE-2023-34324 * CVE-2023-3777 * CVE-2023-39189 * CVE-2023-39191 * CVE-2023-39193 * CVE-2023-45862 * CVE-2023-46813 * CVE-2023-5178 CVSS scores: * CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39189 ( SUSE ): 4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46813 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 11 vulnerabilities and has 11 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
* CVE-2023-5178: Fixed an UAF in queue initialization setup. (bsc#1215768) * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) * CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) * CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). * ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). * ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). * ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). * ALSA: hda/realtek - Fixed two speaker platform (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). * ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). * ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). * ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). * ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
* ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). * ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). * ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). * ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). * ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). * ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). * ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). * ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). * ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). * ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). * ASoC: pxa: fix a memory leak in probe() (git-fixes). * Bluetooth: Avoid redundant authentication (git-fixes). * Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). * Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). * Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). * Bluetooth: avoid memcmp() out of bounds warning (git-fixes). * Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). * Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). * Bluetooth: hci_event: Fix coding style (git-fixes). * Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). * Bluetooth: hci_event: Ignore NULL link key (git-fixes). * Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). * Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). * Bluetooth: vhci: Fix race when opening vhci device (git-fixes). * Documentation: qat: change kernel version (PED-6401). * Documentation: qat: rewrite description (PED-6401). * Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). * Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
* Drop amdgpu patch causing spamming (bsc#1215523).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
* KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* NFS: Fix O_DIRECT locking issues (bsc#1211162).
* NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
* NFS: Fix a potential data corruption (bsc#1211162).
* NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
* NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
* NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
* NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
* NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
* NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes).
* Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
* USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
* arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bonding: Fix extraction of ports from the packet headers (bsc#1214754).
* bonding: Return pointer to data after pull on skb (bsc#1214754).
* bonding: do not assume skb mac_header is set (bsc#1214754).
* bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
* bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
* bpf: Add override check to kprobe multi link attach (git-fixes).
* bpf: Add zero_map_value to zero map value with special fields (git-fixes).
* bpf: Cleanup check_refcount_ok (git-fixes).
* bpf: Fix max stack depth check for async callbacks (git-fixes).
* bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
* bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
* bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
* bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
* bpf: Gate dynptr API behind CAP_BPF (git-fixes).
* bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
* bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
* bpf: Tighten ptr_to_btf_id checks (git-fixes).
* bpf: fix precision propagation verbose logging (git-fixes).
* bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
* bpf: propagate precision across all frames, not just the last one (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* btf: Export bpf_dynptr definition (git-fixes).
* btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
* ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
* ceph: add encryption support to writepage and writepages (jsc#SES-1880).
* ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
* ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
* ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
* ceph: add new mount option to enable sparse reads (jsc#SES-1880).
* ceph: add object version support for sync read (jsc#SES-1880).
* ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
* ceph: add some fscrypt guardrails (jsc#SES-1880).
* ceph: add support for encrypted snapshot names (jsc#SES-1880).
* ceph: add support to readdir for encrypted names (jsc#SES-1880).
* ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
* ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
* ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
* ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
* ceph: decode alternate_name in lease info (jsc#SES-1880).
* ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
* ceph: drop messages from MDS when unmounting (jsc#SES-1880).
* ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
* ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
* ceph: fix type promotion bug on 32bit systems (bsc#1216324).
* ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
* ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
* ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
* ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
* ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
* ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
* ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
* ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
* ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
* ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
* ceph: mark directory as non-complete after loading key (jsc#SES-1880).
* ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
* ceph: plumb in decryption during reads (jsc#SES-1880).
* ceph: preallocate inode for ops that may create one (jsc#SES-1880).
* ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
* ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
* ceph: send alternate_name in MClientRequest (jsc#SES-1880).
* ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
* ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
* ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
* ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
* ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
* ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
* drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
* drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
* drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
* drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
* drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
* drm/atomic-helper: relax unregistered connector check (git-fixes).
* drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
* drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
* fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
* fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* intel x86 platform vsec kABI workaround (bsc#1216202).
* io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
* io_uring/rw: defer fsnotify calls to task context (git-fixes).
* io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
* io_uring/rw: remove leftover debug statement (git-fixes).
* io_uring: Replace 0-length array with flexible array (git-fixes).
* io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
* io_uring: fix fdinfo sqe offsets calculation (git-fixes).
* io_uring: fix memory leak when removing provided buffers (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
* kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
* libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
* libceph: add sparse read support to OSD client (jsc#SES-1880).
* libceph: add sparse read support to msgr1 (jsc#SES-1880).
* libceph: add spinlock around osd->o_requests (jsc#SES-1880).
* libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
* libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
* libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
* libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
* libceph: use kernel_connect() (bsc#1216323).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net: use sk_is_tcp() in more places (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
* nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
* platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
* platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
* platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
* platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
* platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
* remove unnecessary WARN_ON_ONCE() (bsc#1214823).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
* scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
* scsi: iscsi: Add length check for nlattr payload (git-fixes).
* scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
* scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
* scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
* scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
* scsi: pm8001: Setup IRQs on resume (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
* selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
* selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
* selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
* thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
* usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
* x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xhci: Keep interrupt disabled in initialization until host is running (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-4414=1 openSUSE-SLE-15.5-2023-4414=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4414=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64)
  * dlm-kmp-azure-5.14.21-150500.33.23.1
  * kernel-azure-debugsource-5.14.21-150500.33.23.1
  * reiserfs-kmp-azure-5.14.21-150500.33.23.1
  * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.23.1
  * gfs2-kmp-azure-5.14.21-150500.33.23.1
  * kernel-azure-debuginfo-5.14.21-150500.33.23.1
  * cluster-md-kmp-azure-5.14.21-150500.33.23.1
  * kernel-azure-optional-debuginfo-5.14.21-150500.33.23.1
  * kernel-syms-azure-5.14.21-150500.33.23.1
  * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.23.1
  * ocfs2-kmp-azure-5.14.21-150500.33.23.1
  * kernel-azure-livepatch-devel-5.14.21-150500.33.23.1
  * kernel-azure-devel-5.14.21-150500.33.23.1
  * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.23.1
  * kernel-azure-extra-debuginfo-5.14.21-150500.33.23.1
  * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.23.1
  * kernel-azure-optional-5.14.21-150500.33.23.1
  * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.23.1
  * dlm-kmp-azure-debuginfo-5.14.21-150500.33.23.1
  * kernel-azure-extra-5.14.21-150500.33.23.1
  * kselftests-kmp-azure-5.14.21-150500.33.23.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.23.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.23.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-azure-vdso-debuginfo-5.14.21-150500.33.23.1
  * kernel-azure-vdso-5.14.21-150500.33.23.1
* openSUSE Leap 15.5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.23.1
  * kernel-devel-azure-5.14.21-150500.33.23.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.23.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
  * kernel-azure-debugsource-5.14.21-150500.33.23.1
  * kernel-azure-devel-5.14.21-150500.33.23.1
  * kernel-syms-azure-5.14.21-150500.33.23.1
  * kernel-azure-debuginfo-5.14.21-150500.33.23.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.23.1
* Public Cloud Module 15-SP5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.23.1
  * kernel-devel-azure-5.14.21-150500.33.23.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-2860.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1211162
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214754
* https://bugzilla.suse.com/show_bug.cgi?id=1214874
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215545
* https://bugzilla.suse.com/show_bug.cgi?id=1215921
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216202
* https://bugzilla.suse.com/show_bug.cgi?id=1216322
* https://bugzilla.suse.com/show_bug.cgi?id=1216323
* https://bugzilla.suse.com/show_bug.cgi?id=1216324
* https://bugzilla.suse.com/show_bug.cgi?id=1216333
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216512

From sle-security-updates at lists.suse.com Mon Nov 13 12:45:53 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 12:45:53 -0000
Subject: SUSE-SU-2023:4423-1: important: Security update for tomcat
Message-ID: <169987955317.13932.11885443544864736169@smelt2.prg2.suse.org>

# Security update for tomcat

Announcement ID: SUSE-SU-2023:4423-1
Rating: important

References:

* bsc#1214666
* bsc#1216118
* bsc#1216119

Cross-References:

* CVE-2023-41080
* CVE-2023-42795
* CVE-2023-45648

CVSS scores:

* CVE-2023-41080 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-41080 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-42795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-42795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45648 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-45648 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

* CVE-2023-42795: Fixed a potential information leak due to insufficient cleanup (bsc#1216119).
* CVE-2023-45648: Fixed a request smuggling issue due to an incorrect parsing of HTTP trailer headers (bsc#1216118).
* CVE-2023-41080: Fixed URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature (bsc#1214666).

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4423=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4423=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4423=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 * SUSE CaaS Platform 4.0 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * tomcat-el-3_0-api-9.0.36-150100.4.98.1 * tomcat-servlet-4_0-api-9.0.36-150100.4.98.1 * 
tomcat-admin-webapps-9.0.36-150100.4.98.1 * tomcat-webapps-9.0.36-150100.4.98.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.98.1 * tomcat-9.0.36-150100.4.98.1 * tomcat-lib-9.0.36-150100.4.98.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41080.html * https://www.suse.com/security/cve/CVE-2023-42795.html * https://www.suse.com/security/cve/CVE-2023-45648.html * https://bugzilla.suse.com/show_bug.cgi?id=1214666 * https://bugzilla.suse.com/show_bug.cgi?id=1216118 * https://bugzilla.suse.com/show_bug.cgi?id=1216119 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Mon Nov 13 12:46:00 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 13 Nov 2023 12:46:00 -0000 Subject: SUSE-SU-2023:4418-1: important: Security update for postgresql14 Message-ID: <169987956081.13932.11869911638408842872@smelt2.prg2.suse.org> # Security update for postgresql14 Announcement ID: SUSE-SU-2023:4418-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. 
This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)

* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)
* updated to 14.10 https://www.postgresql.org/docs/14/release-14-10.html
* Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
* Change the unix domain socket location from /var/run to /run.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4418=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4418=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4418=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4418=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.10-3.33.1 * postgresql14-devel-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql14-server-devel-debuginfo-14.10-3.33.1 * postgresql14-server-devel-14.10-3.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql14-server-debuginfo-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * postgresql14-plperl-debuginfo-14.10-3.33.1 * postgresql14-server-14.10-3.33.1 * postgresql14-plperl-14.10-3.33.1 * postgresql14-pltcl-debuginfo-14.10-3.33.1 * postgresql14-contrib-14.10-3.33.1 * postgresql14-plpython-debuginfo-14.10-3.33.1 * postgresql14-debuginfo-14.10-3.33.1 * postgresql14-plpython-14.10-3.33.1 * postgresql14-pltcl-14.10-3.33.1 * postgresql14-contrib-debuginfo-14.10-3.33.1 * postgresql14-14.10-3.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql14-docs-14.10-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-server-debuginfo-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * postgresql14-plperl-debuginfo-14.10-3.33.1 * postgresql14-server-14.10-3.33.1 * postgresql14-plperl-14.10-3.33.1 * postgresql14-pltcl-debuginfo-14.10-3.33.1 * postgresql14-contrib-14.10-3.33.1 * postgresql14-plpython-debuginfo-14.10-3.33.1 * postgresql14-debuginfo-14.10-3.33.1 
* postgresql14-plpython-14.10-3.33.1 * postgresql14-pltcl-14.10-3.33.1 * postgresql14-contrib-debuginfo-14.10-3.33.1 * postgresql14-14.10-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql14-docs-14.10-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql14-server-debuginfo-14.10-3.33.1 * postgresql14-debugsource-14.10-3.33.1 * postgresql14-plperl-debuginfo-14.10-3.33.1 * postgresql14-server-14.10-3.33.1 * postgresql14-plperl-14.10-3.33.1 * postgresql14-pltcl-debuginfo-14.10-3.33.1 * postgresql14-contrib-14.10-3.33.1 * postgresql14-plpython-debuginfo-14.10-3.33.1 * postgresql14-debuginfo-14.10-3.33.1 * postgresql14-plpython-14.10-3.33.1 * postgresql14-pltcl-14.10-3.33.1 * postgresql14-contrib-debuginfo-14.10-3.33.1 * postgresql14-14.10-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql14-docs-14.10-3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-security-updates at lists.suse.com Mon Nov 13 16:30:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 16:30:05 -0000
Subject: SUSE-SU-2023:4427-1: moderate: Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
Message-ID: <169989300504.2978.11396889938690746881@smelt2.prg2.suse.org>

# Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed

Announcement ID: SUSE-SU-2023:4427-1
Rating: moderate

References:

* bsc#1211892
* bsc#1216826
* jsc#PED-4964

Cross-References:

* CVE-2023-31022

CVSS scores:

* CVE-2023-31022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability, contains one feature and has one security fix can now be installed.

## Description:

This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:

Security issue fixed:

* CVE-2023-31022: Fixed NULL ptr deref in kernel module layer

Changes in kernel-firmware-nvidia-gspx-G06:

* update firmware to version 535.129.03
* update firmware to version 535.113.01

Changes in nvidia-open-driver-G06-signed:

* Update to version 535.129.03
* Add a devel package so other modules can be built against this one.
[jira#PED-4964] * disabled build of nvidia-peermem module; it's no longer needed and never worked anyway (it was only a stub) [bsc#1211892] * preamble: added conflict to nvidia-gfxG05-kmp to prevent users from accidently installing conflicting proprietary kernelspace drivers from CUDA repository * Update to version 535.113.01 * kmp-post.sh/kmp-postun.sh: * add/remove nosimplefb=1 kernel option in order to fix Linux console also on sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4427=1 openSUSE-SLE-15.5-2023-4427=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4427=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4427=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4427=1 ## Package List: * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1 * openSUSE Leap 15.5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150500.3.13.1 * openSUSE Leap 15.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-default-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * openSUSE Leap 15.5 (aarch64) * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150500.3.13.1 * 
nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * Basesystem Module 15-SP5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1 * Basesystem Module 15-SP5 (aarch64) * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-debugsource-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-default-devel-535.129.03-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1 * Public Cloud Module 15-SP5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150500.33.20-150500.3.13.1 * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150500.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31022.html * https://bugzilla.suse.com/show_bug.cgi?id=1211892 * https://bugzilla.suse.com/show_bug.cgi?id=1216826 * https://jira.suse.com/browse/PED-4964 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-security-updates at lists.suse.com Mon Nov 13 16:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 16:30:09 -0000
Subject: SUSE-SU-2023:4426-1: moderate: Security update for python-Django1
Message-ID: <169989300915.2978.13383110889209924228@smelt2.prg2.suse.org>

# Security update for python-Django1

Announcement ID: SUSE-SU-2023:4426-1
Rating: moderate

References:

* bsc#1215978

Cross-References:

* CVE-2023-43665

CVSS scores:

* CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-43665 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP4
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Django1 fixes the following issues:

* CVE-2023-43665: Fixed a denial of service in django.utils.text.Truncator (bsc#1215978).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-4426=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-4426=1

## Package List:

* SUSE OpenStack Cloud 9 (noarch)
  * python-Django1-1.11.29-3.53.1
* SUSE OpenStack Cloud Crowbar 9 (noarch)
  * python-Django1-1.11.29-3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43665.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215978


From sle-security-updates at lists.suse.com Mon Nov 13 16:30:13 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 16:30:13 -0000
Subject: SUSE-SU-2023:4425-1: important: Security update for postgresql, postgresql15, postgresql16
Message-ID: <169989301358.2978.4704782955110743002@smelt2.prg2.suse.org>

# Security update for postgresql, postgresql15, postgresql16

Announcement ID: SUSE-SU-2023:4425-1
Rating: important

References:

* bsc#1122892
* bsc#1179231
* bsc#1206796
* bsc#1209208
* bsc#1216022
* bsc#1216734
* bsc#1216960
* bsc#1216961
* bsc#1216962
* jsc#PED-5586

Cross-References:

* CVE-2023-5868
* CVE-2023-5869
* CVE-2023-5870

CVSS scores:

* CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

## Description:

This update for postgresql, postgresql15, postgresql16 fixes the following issues:

This update ships postgresql 16 (jsc#PED-5586).

Security issues fixed:

* CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases.
Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)

* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)

Changes in postgresql16:

* Upgrade to 16.1:
  * https://www.postgresql.org/about/news/2715
  * https://www.postgresql.org/docs/16/release-16.html
  * https://www.postgresql.org/docs/16/release-16-1.html

Changes in postgresql15:

* Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html
* The libs and mini package are now provided by postgresql16.
* Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
* Change the unix domain socket location from /var/run to /run.

Changes in postgresql:

* Bump default to 16.
* Interlock version and release of all noarch packages except for the postgresql-docs.
* Bump major version to prepare for PostgreSQL 16, but keep default at 15 for now on Factory.
* bsc#1122892: Add a sysconfig variable for initdb.
* Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
* bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change.
* Add postgresql-README as a separate source file.
* bsc#1209208: Drop hard dependency on systemd * bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. * avoid bashisms in /bin/sh based startup script * Bump to postgresql 15 * Change to systemd-sysusers ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4425=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4425=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4425=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4425=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * postgresql-devel-16-4.23.3 * postgresql-server-devel-16-4.23.3 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-server-devel-15.5-3.19.2 * postgresql15-devel-debuginfo-15.5-3.19.2 * postgresql16-devel-debuginfo-16.1-3.7.1 * postgresql15-server-devel-debuginfo-15.5-3.19.2 * postgresql16-server-devel-debuginfo-16.1-3.7.1 * postgresql16-server-devel-16.1-3.7.1 * postgresql15-devel-15.5-3.19.2 * postgresql16-devel-16.1-3.7.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql15-contrib-debuginfo-15.5-3.19.2 * postgresql16-plperl-debuginfo-16.1-3.7.1 * postgresql15-server-15.5-3.19.2 * postgresql16-contrib-debuginfo-16.1-3.7.1 * libecpg6-16.1-3.7.1 * libecpg6-debuginfo-16.1-3.7.1 * postgresql15-plperl-15.5-3.19.2 * postgresql16-pltcl-16.1-3.7.1 * postgresql16-server-debuginfo-16.1-3.7.1 * postgresql15-contrib-15.5-3.19.2 * libpq5-debuginfo-16.1-3.7.1 * postgresql15-debuginfo-15.5-3.19.2 * 
postgresql15-plperl-debuginfo-15.5-3.19.2 * postgresql15-plpython-15.5-3.19.2 * postgresql16-debugsource-16.1-3.7.1 * postgresql16-debuginfo-16.1-3.7.1 * postgresql15-plpython-debuginfo-15.5-3.19.2 * postgresql16-16.1-3.7.1 * postgresql16-plpython-16.1-3.7.1 * postgresql15-debugsource-15.5-3.19.2 * postgresql16-pltcl-debuginfo-16.1-3.7.1 * postgresql15-pltcl-15.5-3.19.2 * postgresql15-server-debuginfo-15.5-3.19.2 * postgresql16-plpython-debuginfo-16.1-3.7.1 * postgresql16-plperl-16.1-3.7.1 * postgresql15-pltcl-debuginfo-15.5-3.19.2 * postgresql16-server-16.1-3.7.1 * postgresql15-15.5-3.19.2 * postgresql16-contrib-16.1-3.7.1 * libpq5-16.1-3.7.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql16-docs-16.1-3.7.1 * postgresql-plperl-16-4.23.3 * postgresql-server-16-4.23.3 * postgresql-plpython-16-4.23.3 * postgresql-docs-16-4.23.3 * postgresql-pltcl-16-4.23.3 * postgresql15-docs-15.5-3.19.2 * postgresql-16-4.23.3 * postgresql-contrib-16-4.23.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpq5-debuginfo-32bit-16.1-3.7.1 * libpq5-32bit-16.1-3.7.1 * libecpg6-debuginfo-32bit-16.1-3.7.1 * libecpg6-32bit-16.1-3.7.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-contrib-debuginfo-15.5-3.19.2 * postgresql16-plperl-debuginfo-16.1-3.7.1 * postgresql15-server-15.5-3.19.2 * postgresql16-contrib-debuginfo-16.1-3.7.1 * libecpg6-16.1-3.7.1 * libecpg6-debuginfo-16.1-3.7.1 * postgresql15-plperl-15.5-3.19.2 * postgresql16-pltcl-16.1-3.7.1 * postgresql16-server-debuginfo-16.1-3.7.1 * postgresql15-contrib-15.5-3.19.2 * libpq5-debuginfo-16.1-3.7.1 * postgresql15-debuginfo-15.5-3.19.2 * postgresql15-plperl-debuginfo-15.5-3.19.2 * postgresql15-plpython-15.5-3.19.2 * postgresql16-debugsource-16.1-3.7.1 * postgresql16-debuginfo-16.1-3.7.1 * postgresql15-plpython-debuginfo-15.5-3.19.2 * postgresql16-16.1-3.7.1 * postgresql16-plpython-16.1-3.7.1 * postgresql15-debugsource-15.5-3.19.2 * 
postgresql16-pltcl-debuginfo-16.1-3.7.1 * postgresql15-pltcl-15.5-3.19.2 * postgresql15-server-debuginfo-15.5-3.19.2 * postgresql16-plpython-debuginfo-16.1-3.7.1 * postgresql16-plperl-16.1-3.7.1 * postgresql15-pltcl-debuginfo-15.5-3.19.2 * postgresql16-server-16.1-3.7.1 * postgresql15-15.5-3.19.2 * postgresql16-contrib-16.1-3.7.1 * libpq5-16.1-3.7.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql16-docs-16.1-3.7.1 * postgresql-plperl-16-4.23.3 * postgresql-server-16-4.23.3 * postgresql-plpython-16-4.23.3 * postgresql-docs-16-4.23.3 * postgresql-pltcl-16-4.23.3 * postgresql15-docs-15.5-3.19.2 * postgresql-16-4.23.3 * postgresql-contrib-16-4.23.3 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpq5-debuginfo-32bit-16.1-3.7.1 * libpq5-32bit-16.1-3.7.1 * libecpg6-debuginfo-32bit-16.1-3.7.1 * libecpg6-32bit-16.1-3.7.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql15-contrib-debuginfo-15.5-3.19.2 * postgresql16-plperl-debuginfo-16.1-3.7.1 * postgresql15-server-15.5-3.19.2 * postgresql16-contrib-debuginfo-16.1-3.7.1 * libecpg6-16.1-3.7.1 * libecpg6-debuginfo-16.1-3.7.1 * postgresql15-plperl-15.5-3.19.2 * postgresql16-pltcl-16.1-3.7.1 * postgresql16-server-debuginfo-16.1-3.7.1 * postgresql15-contrib-15.5-3.19.2 * libpq5-debuginfo-16.1-3.7.1 * postgresql15-debuginfo-15.5-3.19.2 * postgresql15-plperl-debuginfo-15.5-3.19.2 * postgresql15-plpython-15.5-3.19.2 * postgresql16-debugsource-16.1-3.7.1 * postgresql16-debuginfo-16.1-3.7.1 * postgresql15-plpython-debuginfo-15.5-3.19.2 * postgresql16-16.1-3.7.1 * postgresql16-plpython-16.1-3.7.1 * postgresql15-debugsource-15.5-3.19.2 * postgresql16-pltcl-debuginfo-16.1-3.7.1 * postgresql15-pltcl-15.5-3.19.2 * postgresql15-server-debuginfo-15.5-3.19.2 * postgresql16-plpython-debuginfo-16.1-3.7.1 * postgresql16-plperl-16.1-3.7.1 * postgresql15-pltcl-debuginfo-15.5-3.19.2 * postgresql16-server-16.1-3.7.1 * postgresql15-15.5-3.19.2 * postgresql16-contrib-16.1-3.7.1 * 
libpq5-16.1-3.7.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql16-docs-16.1-3.7.1 * postgresql-plperl-16-4.23.3 * postgresql-server-16-4.23.3 * postgresql-plpython-16-4.23.3 * postgresql-docs-16-4.23.3 * postgresql-pltcl-16-4.23.3 * postgresql15-docs-15.5-3.19.2 * postgresql-16-4.23.3 * postgresql-contrib-16-4.23.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpq5-debuginfo-32bit-16.1-3.7.1 * libpq5-32bit-16.1-3.7.1 * libecpg6-debuginfo-32bit-16.1-3.7.1 * libecpg6-32bit-16.1-3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1122892 * https://bugzilla.suse.com/show_bug.cgi?id=1179231 * https://bugzilla.suse.com/show_bug.cgi?id=1206796 * https://bugzilla.suse.com/show_bug.cgi?id=1209208 * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 * https://jira.suse.com/browse/PED-5586 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-security-updates at lists.suse.com Mon Nov 13 16:30:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 16:30:16 -0000
Subject: SUSE-SU-2023:4424-1: important: Security update for squashfs
Message-ID: <169989301644.2978.13029744922881564816@smelt2.prg2.suse.org>

# Security update for squashfs

Announcement ID: SUSE-SU-2023:4424-1
Rating: important

References:

* bsc#1133284
* bsc#1160294
* bsc#1189936
* bsc#1190531
* bsc#935380

Cross-References:

* CVE-2015-4645
* CVE-2015-4646
* CVE-2021-40153
* CVE-2021-41072

CVSS scores:

* CVE-2015-4645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2015-4645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2015-4646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-40153 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2021-40153 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2021-41072 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2021-41072 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities and has one security fix can now be installed.

## Description:

This update for squashfs fixes the following issues:

* CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
* CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
* CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4424=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4424=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4424=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-8.3.2 * squashfs-4.6.1-8.3.2 * squashfs-debugsource-4.6.1-8.3.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-8.3.2 * squashfs-4.6.1-8.3.2 * squashfs-debugsource-4.6.1-8.3.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squashfs-debuginfo-4.6.1-8.3.2 * squashfs-4.6.1-8.3.2 * squashfs-debugsource-4.6.1-8.3.2 ## References: * https://www.suse.com/security/cve/CVE-2015-4645.html * https://www.suse.com/security/cve/CVE-2015-4646.html * https://www.suse.com/security/cve/CVE-2021-40153.html * https://www.suse.com/security/cve/CVE-2021-41072.html * https://bugzilla.suse.com/show_bug.cgi?id=1133284 * https://bugzilla.suse.com/show_bug.cgi?id=1160294 * https://bugzilla.suse.com/show_bug.cgi?id=1189936 * https://bugzilla.suse.com/show_bug.cgi?id=1190531 * https://bugzilla.suse.com/show_bug.cgi?id=935380 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-security-updates at lists.suse.com Mon Nov 13 20:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 20:30:04 -0000
Subject: SUSE-SU-2023:4432-1: important: Security update for apache2
Message-ID: <169990740423.29927.7999944706645332083@smelt2.prg2.suse.org>

# Security update for apache2

Announcement ID: SUSE-SU-2023:4432-1
Rating: important

References:

* bsc#1214357
* bsc#1216424

Cross-References:

* CVE-2023-31122

CVSS scores:

* CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

* Fixed the content type handling in mod_proxy_http2 (bsc#1214357).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4432=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4432=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4432=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool.
  It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * apache2-debugsource-2.4.33-150000.3.78.1
  * apache2-2.4.33-150000.3.78.1
  * apache2-prefork-debuginfo-2.4.33-150000.3.78.1
  * apache2-debuginfo-2.4.33-150000.3.78.1
  * apache2-utils-2.4.33-150000.3.78.1
  * apache2-prefork-2.4.33-150000.3.78.1
  * apache2-worker-2.4.33-150000.3.78.1
  * apache2-utils-debuginfo-2.4.33-150000.3.78.1
  * apache2-devel-2.4.33-150000.3.78.1
  * apache2-worker-debuginfo-2.4.33-150000.3.78.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * apache2-doc-2.4.33-150000.3.78.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * apache2-debugsource-2.4.33-150000.3.78.1
  * apache2-2.4.33-150000.3.78.1
  * apache2-prefork-debuginfo-2.4.33-150000.3.78.1
  * apache2-debuginfo-2.4.33-150000.3.78.1
  * apache2-utils-2.4.33-150000.3.78.1
  * apache2-prefork-2.4.33-150000.3.78.1
  * apache2-worker-2.4.33-150000.3.78.1
  * apache2-utils-debuginfo-2.4.33-150000.3.78.1
  * apache2-devel-2.4.33-150000.3.78.1
  * apache2-worker-debuginfo-2.4.33-150000.3.78.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * apache2-doc-2.4.33-150000.3.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * apache2-debugsource-2.4.33-150000.3.78.1
  * apache2-2.4.33-150000.3.78.1
  * apache2-prefork-debuginfo-2.4.33-150000.3.78.1
  * apache2-debuginfo-2.4.33-150000.3.78.1
  * apache2-utils-2.4.33-150000.3.78.1
  * apache2-prefork-2.4.33-150000.3.78.1
  * apache2-worker-2.4.33-150000.3.78.1
  * apache2-utils-debuginfo-2.4.33-150000.3.78.1
  * apache2-devel-2.4.33-150000.3.78.1
  * apache2-worker-debuginfo-2.4.33-150000.3.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * apache2-doc-2.4.33-150000.3.78.1
* SUSE CaaS Platform 4.0 (x86_64)
  * apache2-debugsource-2.4.33-150000.3.78.1
  * apache2-2.4.33-150000.3.78.1
  * apache2-prefork-debuginfo-2.4.33-150000.3.78.1
  * apache2-debuginfo-2.4.33-150000.3.78.1
  * apache2-utils-2.4.33-150000.3.78.1
  * apache2-prefork-2.4.33-150000.3.78.1
  * apache2-worker-2.4.33-150000.3.78.1
  * apache2-utils-debuginfo-2.4.33-150000.3.78.1
  * apache2-devel-2.4.33-150000.3.78.1
  * apache2-worker-debuginfo-2.4.33-150000.3.78.1
* SUSE CaaS Platform 4.0 (noarch)
  * apache2-doc-2.4.33-150000.3.78.1

## References:

* https://www.suse.com/security/cve/CVE-2023-31122.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214357
* https://bugzilla.suse.com/show_bug.cgi?id=1216424

From sle-security-updates at lists.suse.com Mon Nov 13 20:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 20:30:06 -0000
Subject: SUSE-SU-2023:4431-1: important: Security update for apache2
Message-ID: <169990740675.29927.9591018740560125922@smelt2.prg2.suse.org>

# Security update for apache2

Announcement ID: SUSE-SU-2023:4431-1
Rating: important

References:

* bsc#1207399
* bsc#1214357
* bsc#1216424

Cross-References:

* CVE-2023-31122

CVSS scores:

* CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

* Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
* Fixed a floating point exception crash (bsc#1207399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4431=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4431=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4431=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4431=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4431=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4431=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4431=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4431=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4431=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4431=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4431=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Manager Proxy 4.2 (x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Manager Proxy 4.2 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Manager Server 4.2 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * apache2-utils-debuginfo-2.4.51-150200.3.59.1
  * apache2-worker-debuginfo-2.4.51-150200.3.59.1
  * apache2-2.4.51-150200.3.59.1
  * apache2-prefork-debuginfo-2.4.51-150200.3.59.1
  * apache2-debuginfo-2.4.51-150200.3.59.1
  * apache2-debugsource-2.4.51-150200.3.59.1
  * apache2-devel-2.4.51-150200.3.59.1
  * apache2-worker-2.4.51-150200.3.59.1
  * apache2-prefork-2.4.51-150200.3.59.1
  * apache2-utils-2.4.51-150200.3.59.1
* SUSE Enterprise Storage 7.1 (noarch)
  * apache2-doc-2.4.51-150200.3.59.1

## References:

* https://www.suse.com/security/cve/CVE-2023-31122.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207399
* https://bugzilla.suse.com/show_bug.cgi?id=1214357
* https://bugzilla.suse.com/show_bug.cgi?id=1216424

From sle-security-updates at lists.suse.com Mon Nov 13 20:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 20:30:09 -0000
Subject: SUSE-SU-2023:4430-1: important: Security update for apache2
Message-ID: <169990740953.29927.9109947181904410165@smelt2.prg2.suse.org>

# Security update for apache2

Announcement ID: SUSE-SU-2023:4430-1
Rating: important

References:

* bsc#1207399
* bsc#1214357
* bsc#1216424

Cross-References:

* CVE-2023-31122

CVSS scores:

* CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

* Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
* Fixed a floating point exception crash (bsc#1207399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4430=1 openSUSE-SLE-15.4-2023-4430=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4430=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4430=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4430=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4430=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4430=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4430=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4430=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * apache2-worker-2.4.51-150400.6.14.1
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-event-2.4.51-150400.6.14.1
  * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
  * apache2-2.4.51-150400.6.14.1
  * apache2-example-pages-2.4.51-150400.6.14.1
  * apache2-utils-2.4.51-150400.6.14.1
  * apache2-prefork-2.4.51-150400.6.14.1
  * apache2-utils-debuginfo-2.4.51-150400.6.14.1
  * apache2-worker-debuginfo-2.4.51-150400.6.14.1
  * apache2-event-debuginfo-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
  * apache2-devel-2.4.51-150400.6.14.1
* openSUSE Leap 15.4 (noarch)
  * apache2-doc-2.4.51-150400.6.14.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * apache2-worker-2.4.51-150400.6.14.1
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-event-2.4.51-150400.6.14.1
  * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
  * apache2-2.4.51-150400.6.14.1
  * apache2-example-pages-2.4.51-150400.6.14.1
  * apache2-utils-2.4.51-150400.6.14.1
  * apache2-prefork-2.4.51-150400.6.14.1
  * apache2-utils-debuginfo-2.4.51-150400.6.14.1
  * apache2-worker-debuginfo-2.4.51-150400.6.14.1
  * apache2-event-debuginfo-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
  * apache2-devel-2.4.51-150400.6.14.1
* openSUSE Leap 15.5 (noarch)
  * apache2-doc-2.4.51-150400.6.14.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
  * apache2-2.4.51-150400.6.14.1
  * apache2-utils-2.4.51-150400.6.14.1
  * apache2-prefork-2.4.51-150400.6.14.1
  * apache2-utils-debuginfo-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
  * apache2-2.4.51-150400.6.14.1
  * apache2-utils-2.4.51-150400.6.14.1
  * apache2-prefork-2.4.51-150400.6.14.1
  * apache2-utils-debuginfo-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * apache2-event-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-event-debuginfo-2.4.51-150400.6.14.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-event-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-event-debuginfo-2.4.51-150400.6.14.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * apache2-worker-2.4.51-150400.6.14.1
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-worker-debuginfo-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
  * apache2-devel-2.4.51-150400.6.14.1
* Server Applications Module 15-SP4 (noarch)
  * apache2-doc-2.4.51-150400.6.14.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-worker-2.4.51-150400.6.14.1
  * apache2-debugsource-2.4.51-150400.6.14.1
  * apache2-worker-debuginfo-2.4.51-150400.6.14.1
  * apache2-debuginfo-2.4.51-150400.6.14.1
  * apache2-devel-2.4.51-150400.6.14.1
* Server Applications Module 15-SP5 (noarch)
  * apache2-doc-2.4.51-150400.6.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-31122.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207399
* https://bugzilla.suse.com/show_bug.cgi?id=1214357
* https://bugzilla.suse.com/show_bug.cgi?id=1216424

From sle-security-updates at lists.suse.com Mon Nov 13 20:30:11 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 20:30:11 -0000
Subject: SUSE-SU-2023:4416-1: important: Security update for containerized-data-importer
Message-ID: <169990741167.29927.13755010218493552232@smelt2.prg2.suse.org>

# Security update for containerized-data-importer

Announcement ID: SUSE-SU-2023:4416-1
Rating: important

References:

Affected Products:

* Containers Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for containerized-data-importer fixes the following issue:

* rebuild with current go compiler

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4416=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4416=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4416=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4416=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4416=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4416=1
* Containers Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4416=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4416=1

## Package List:

* openSUSE Leap Micro 5.4 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
* openSUSE Leap 15.4 (x86_64)
  * containerized-data-importer-api-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-importer-1.51.0-150400.4.20.2
  * containerized-data-importer-importer-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-operator-1.51.0-150400.4.20.2
  * containerized-data-importer-operator-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-controller-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-uploadproxy-1.51.0-150400.4.20.2
  * containerized-data-importer-controller-1.51.0-150400.4.20.2
  * containerized-data-importer-uploadserver-1.51.0-150400.4.20.2
  * containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-cloner-1.51.0-150400.4.20.2
  * containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.20.2
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
  * containerized-data-importer-api-1.51.0-150400.4.20.2
  * obs-service-cdi_containers_meta-1.51.0-150400.4.20.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
* Containers Module 15-SP4 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2
* openSUSE Leap Micro 5.3 (x86_64)
  * containerized-data-importer-manifests-1.51.0-150400.4.20.2

From sle-security-updates at lists.suse.com Mon Nov 13 20:30:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Nov 2023 20:30:14 -0000
Subject: SUSE-SU-2023:4429-1: moderate: Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
Message-ID: <169990741421.29927.9626965614542053008@smelt2.prg2.suse.org>

# Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed

Announcement ID: SUSE-SU-2023:4429-1
Rating: moderate

References:

* bsc#1216826

Cross-References:

* CVE-2023-31022

CVSS scores:

* CVE-2023-31022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:

Security issues fixed:

* CVE-2023-31022: Fixed NULL ptr deref in kernel module layer

Changes in kernel-firmware-nvidia-gspx-G06:

* update firmware to version 535.129.03

Changes in nvidia-open-driver-G06-signed:

* Update to version 535.129.03

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4429=1 openSUSE-SLE-15.4-2023-4429=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4429=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4429=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4429=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4429=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4429=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4429=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4429=1

## Package List:

* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* openSUSE Leap 15.4 (x86_64)
  * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150400.14.72-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150400.14.72-150400.9.27.1
* openSUSE Leap 15.4 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-default-devel-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
* openSUSE Leap 15.4 (aarch64)
  * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150400.9.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
* Basesystem Module 15-SP4 (aarch64 nosrc x86_64)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* Basesystem Module 15-SP4 (aarch64)
  * nvidia-open-driver-G06-signed-kmp-64kb-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-64kb-devel-535.129.03-150400.9.27.1
* Basesystem Module 15-SP4 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-debugsource-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-default-devel-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
  * kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1
* Public Cloud Module 15-SP4 (x86_64)
  * nvidia-open-driver-G06-signed-azure-devel-535.129.03-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-azure-535.129.03_k5.14.21_150400.14.72-150400.9.27.1
  * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.129.03_k5.14.21_150400.14.72-150400.9.27.1

## References:

* https://www.suse.com/security/cve/CVE-2023-31022.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216826

From sle-security-updates at lists.suse.com Tue Nov 14 08:02:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 09:02:04 +0100 (CET)
Subject: SUSE-CU-2023:3702-1: Security update of suse/registry
Message-ID: <20231114080204.71A50FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3702-1
Container Tags        : suse/registry:2.8 , suse/registry:2.8-15.12 , suse/registry:latest
Container Release     : 15.12
Severity              : important
Type                  : security
References            : 1207399 1214357 1216424 CVE-2023-31122
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4430-1
Released:    Mon Nov 13 17:55:09 2023
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1207399,1214357,1216424,CVE-2023-31122

This update for apache2 fixes the following issues:

- CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

- Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
- Fixed a floating point exception crash (bsc#1207399).

The following package changes have been done:

- apache2-utils-2.4.51-150400.6.14.1 updated

From sle-security-updates at lists.suse.com Tue Nov 14 08:02:24 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 09:02:24 +0100 (CET)
Subject: SUSE-CU-2023:3704-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20231114080224.14D91FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3704-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.5 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.5
Container Release     : 9.40.5
Severity              : important
Type                  : security
References            : 1207399 1214357 1216424 CVE-2023-31122
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4430-1
Released:    Mon Nov 13 17:55:09 2023
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1207399,1214357,1216424,CVE-2023-31122

This update for apache2 fixes the following issues:

- CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

- Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
- Fixed a floating point exception crash (bsc#1207399).

The following package changes have been done: - apache2-utils-2.4.51-150400.6.14.1 updated - apache2-2.4.51-150400.6.14.1 updated - apache2-prefork-2.4.51-150400.6.14.1 updated

From sle-security-updates at lists.suse.com Tue Nov 14 12:30:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 12:30:02 -0000
Subject: SUSE-SU-2023:4438-1: low: Security update for xterm
Message-ID: <169996500287.27826.8954482663854018@smelt2.prg2.suse.org>

# Security update for xterm Announcement ID: SUSE-SU-2023:4438-1 Rating: low References: * bsc#1214282 Cross-References: * CVE-2023-40359 CVSS scores: * CVE-2023-40359 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-40359 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xterm fixes the following issues: * CVE-2023-40359: Fixed reporting characterset names in ReGiS graphics mode. (bsc#1214282) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4438=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4438=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4438=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4438=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4438=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4438=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4438=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * SUSE Manager Proxy 4.2 (x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 * xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xterm-bin-330-150200.11.12.1 * xterm-debugsource-330-150200.11.12.1 *
xterm-bin-debuginfo-330-150200.11.12.1 * xterm-330-150200.11.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40359.html * https://bugzilla.suse.com/show_bug.cgi?id=1214282

From sle-security-updates at lists.suse.com Tue Nov 14 12:30:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 12:30:07 -0000
Subject: SUSE-SU-2023:4434-1: important: Security update for postgresql13
Message-ID: <169996500786.27826.3452763030315867095@smelt2.prg2.suse.org>

# Security update for postgresql13 Announcement ID: SUSE-SU-2023:4434-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions.
When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Update to 13.13: https://www.postgresql.org/docs/13/release-13-13.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4434=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4434=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4434=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4434=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-devel-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * postgresql13-devel-13.13-3.43.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql13-server-devel-13.13-3.43.1 * postgresql13-server-devel-debuginfo-13.13-3.43.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql13-pltcl-13.13-3.43.1 * postgresql13-server-debuginfo-13.13-3.43.1 * postgresql13-contrib-13.13-3.43.1 * postgresql13-plpython-debuginfo-13.13-3.43.1 * postgresql13-plpython-13.13-3.43.1 * postgresql13-contrib-debuginfo-13.13-3.43.1 * postgresql13-server-13.13-3.43.1 * postgresql13-plperl-debuginfo-13.13-3.43.1 * postgresql13-plperl-13.13-3.43.1 * postgresql13-13.13-3.43.1 * postgresql13-pltcl-debuginfo-13.13-3.43.1 * postgresql13-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql13-docs-13.13-3.43.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.13-3.43.1 * postgresql13-server-debuginfo-13.13-3.43.1 * postgresql13-contrib-13.13-3.43.1 * postgresql13-plpython-debuginfo-13.13-3.43.1 * postgresql13-plpython-13.13-3.43.1 * postgresql13-contrib-debuginfo-13.13-3.43.1 * postgresql13-server-13.13-3.43.1 * postgresql13-plperl-debuginfo-13.13-3.43.1 * postgresql13-plperl-13.13-3.43.1 * 
postgresql13-13.13-3.43.1 * postgresql13-pltcl-debuginfo-13.13-3.43.1 * postgresql13-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql13-docs-13.13-3.43.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql13-pltcl-13.13-3.43.1 * postgresql13-server-debuginfo-13.13-3.43.1 * postgresql13-contrib-13.13-3.43.1 * postgresql13-plpython-debuginfo-13.13-3.43.1 * postgresql13-plpython-13.13-3.43.1 * postgresql13-contrib-debuginfo-13.13-3.43.1 * postgresql13-server-13.13-3.43.1 * postgresql13-plperl-debuginfo-13.13-3.43.1 * postgresql13-plperl-13.13-3.43.1 * postgresql13-13.13-3.43.1 * postgresql13-pltcl-debuginfo-13.13-3.43.1 * postgresql13-debuginfo-13.13-3.43.1 * postgresql13-debugsource-13.13-3.43.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql13-docs-13.13-3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962

From sle-security-updates at lists.suse.com Tue Nov 14 12:30:10 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 12:30:10 -0000
Subject: SUSE-SU-2023:4433-1: important: Security update for postgresql12
Message-ID: <169996501022.27826.4459915525861662446@smelt2.prg2.suse.org>

# Security update for postgresql12 Announcement ID: SUSE-SU-2023:4433-1 Rating: important References: * bsc#1216022 * bsc#1216734 * bsc#1216960 * bsc#1216961 * bsc#1216962 Cross-References: * CVE-2023-5868 * CVE-2023-5869 * CVE-2023-5870 CVSS scores: * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory.
(bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) * Update to 12.17 https://www.postgresql.org/docs/12/release-12-17.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4433=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4433=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-debugsource-12.17-3.49.1 * postgresql12-devel-12.17-3.49.1 * postgresql12-devel-debuginfo-12.17-3.49.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql12-server-devel-debuginfo-12.17-3.49.1 * postgresql12-server-devel-12.17-3.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * 
postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql12-contrib-12.17-3.49.1 * postgresql12-server-debuginfo-12.17-3.49.1 * postgresql12-debuginfo-12.17-3.49.1 * postgresql12-debugsource-12.17-3.49.1 * postgresql12-contrib-debuginfo-12.17-3.49.1 * postgresql12-plperl-12.17-3.49.1 * postgresql12-server-12.17-3.49.1 * postgresql12-pltcl-12.17-3.49.1 * postgresql12-plpython-debuginfo-12.17-3.49.1 * postgresql12-pltcl-debuginfo-12.17-3.49.1 * postgresql12-plpython-12.17-3.49.1 * postgresql12-plperl-debuginfo-12.17-3.49.1 * postgresql12-12.17-3.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql12-docs-12.17-3.49.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962

From sle-security-updates at lists.suse.com Tue Nov 14 16:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 16:30:03 -0000
Subject: SUSE-SU-2023:4439-1: moderate: Security update for w3m
Message-ID: <169997940377.24660.10347711293632998086@smelt2.prg2.suse.org>

# Security update for w3m Announcement ID: SUSE-SU-2023:4439-1 Rating: moderate References: * bsc#1213323 * bsc#1213324 Cross-References: * CVE-2023-38252 * CVE-2023-38253 CVSS scores: * CVE-2023-38252 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38253 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for w3m fixes the following issues: * Update to version 0.5.3+git20230121 * CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213324) * CVE-2023-38253: Fixed an out-of-bounds write in function growbuf_to_Str that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213323) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4439=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4439=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4439=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4439=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-debuginfo-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * w3m-0.5.3+git20230121-150000.3.6.1 * w3m-debugsource-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-debuginfo-0.5.3+git20230121-150000.3.6.1 * w3m-inline-image-0.5.3+git20230121-150000.3.6.1 * w3m-debuginfo-0.5.3+git20230121-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38252.html * https://www.suse.com/security/cve/CVE-2023-38253.html * https://bugzilla.suse.com/show_bug.cgi?id=1213323 * https://bugzilla.suse.com/show_bug.cgi?id=1213324

From sle-security-updates at lists.suse.com Tue Nov 14 20:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 20:30:04 -0000
Subject: SUSE-SU-2023:4442-1: important: Security update for ucode-intel
Message-ID: <169999380405.15555.4492596742203581064@smelt2.prg2.suse.org>

# Security update for ucode-intel Announcement ID: SUSE-SU-2023:4442-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4442=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4442=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4442=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * ucode-intel-20231113-128.1 * ucode-intel-debugsource-20231113-128.1 * ucode-intel-debuginfo-20231113-128.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * ucode-intel-20231113-128.1 * ucode-intel-debugsource-20231113-128.1 * ucode-intel-debuginfo-20231113-128.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * ucode-intel-20231113-128.1 * ucode-intel-debugsource-20231113-128.1 * ucode-intel-debuginfo-20231113-128.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278

From sle-security-updates at lists.suse.com Tue Nov 14 20:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 20:30:06 -0000
Subject: SUSE-SU-2023:4441-1: important: Security update for ucode-intel
Message-ID: <169999380626.15555.4816184729555011208@smelt2.prg2.suse.org>

# Security update for ucode-intel Announcement ID: SUSE-SU-2023:4441-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4441=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4441=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4441=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20231113-150100.3.228.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20231113-150100.3.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * ucode-intel-20231113-150100.3.228.1 * SUSE CaaS Platform 4.0 (x86_64) * ucode-intel-20231113-150100.3.228.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23583.html * https://bugzilla.suse.com/show_bug.cgi?id=1215278

From sle-security-updates at lists.suse.com Tue Nov 14 20:30:08 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Nov 2023 20:30:08 -0000
Subject: SUSE-SU-2023:4440-1: important: Security update for ucode-intel
Message-ID: <169999380862.15555.12128852120494930260@smelt2.prg2.suse.org>

# Security update for ucode-intel Announcement ID: SUSE-SU-2023:4440-1 Rating: important References: * bsc#1215278 Cross-References: * CVE-2023-23583 CVSS scores: * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance
Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4440=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4440=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4440=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4440=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4440=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4440=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4440=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4440=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4440=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4440=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4440=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4440=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4440=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4440=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4440=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4440=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4440=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4440=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4440=1 * SUSE Manager Retail Branch Server 4.2 
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4440=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4440=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4440=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4440=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4440=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4440=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * ucode-intel-20231113-150200.32.1 * openSUSE Leap Micro 5.4 (x86_64) * ucode-intel-20231113-150200.32.1 * openSUSE Leap 15.4 (x86_64) * ucode-intel-20231113-150200.32.1 * openSUSE Leap 15.5 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * ucode-intel-20231113-150200.32.1 * Basesystem Module 15-SP4 (x86_64) * ucode-intel-20231113-150200.32.1 * Basesystem Module 15-SP5 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * ucode-intel-20231113-150200.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * ucode-intel-20231113-150200.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Manager Proxy 4.2 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Manager Server 4.2 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * ucode-intel-20231113-150200.32.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * ucode-intel-20231113-150200.32.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23583.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215278

From sle-security-updates at lists.suse.com Wed Nov 15 08:01:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Nov 2023 09:01:02 +0100 (CET)
Subject: SUSE-IU-2023:822-1: Security update of suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2
Message-ID: <20231115080102.82ED9FBA9@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:822-1
Image Tags : suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2:20231113
Image Release :
Severity : important
Type : security
References : 1107342 1196647 1201300 1205767 1206480 1206684 1210335 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215265 1215286 1215313 1215323 1215434 1215891 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1829 CVE-2023-23559 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4692 CVE-2023-4693 CVE-2023-4813
-----------------------------------------------------------------

The container
suse-sles-15-sp5-chost-byos-v20231113-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4108-1
Released: Wed Oct 18 11:51:12 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4136-1
Released: Thu Oct 19 14:15:02 2023
Summary: Security update for suse-module-tools
Type: security
Severity: important
References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559
This update for suse-module-tools fixes the following issues:

- Update to version 15.5.3:
  - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
  - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:
This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4139-1
Released: Fri Oct 20 10:06:58 2023
Summary: Recommended update for containerd, runc
Type: recommended
Severity: moderate
References: 1215323
This update for containerd, runc fixes the following issues:

runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9

containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes:
- https://github.com/containerd/containerd/releases/tag/v1.7.7
- https://github.com/containerd/containerd/releases/tag/v1.7.6
bsc#1215323
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4141-1
Released: Fri Oct 20 11:34:44 2023
Summary: Security update for grub2
Type: security
Severity: important
References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693
This update for grub2 fixes the following issues:

Security fixes:

- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information.
(bsc#1215936)

Other fixes:

- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313
This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, these 3 packages have no code changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228
This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files.
(bsc#1216268)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released: Mon Oct 30 16:51:57 2023
Summary: Recommended update for pciutils
Type: recommended
Severity: important
References: 1215265
This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
*
blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- containerd-ctr-1.7.7-150000.100.1 updated
- containerd-1.7.7-150000.100.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- glibc-locale-2.31-150300.63.1 updated
- glibc-2.31-150300.63.1 updated
- grub2-i386-pc-2.06-150500.29.8.1 updated
- grub2-x86_64-efi-2.06-150500.29.8.1 updated
- grub2-2.06-150500.29.8.1 updated
- kernel-default-5.14.21-150500.55.36.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-1.1.1l-150500.17.19.1 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libz1-1.2.13-150500.4.3.1 updated
- libzck1-1.1.16-150400.3.7.1 updated
- openssl-1_1-1.1.1l-150500.17.19.1 updated
- pciutils-3.5.6-150300.13.6.1 updated
- python3-cryptography-3.3.2-150400.20.3 updated
- python3-urllib3-1.25.10-150300.4.6.1 updated
- runc-1.1.9-150000.52.2 updated
- suse-module-tools-15.5.3-150500.3.6.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated
- systemd-sysvinit-249.16-150400.8.35.5 updated
- systemd-249.16-150400.8.35.5 updated
- udev-249.16-150400.8.35.5
updated

From sle-security-updates at lists.suse.com Wed Nov 15 08:01:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Nov 2023 09:01:06 +0100 (CET)
Subject: SUSE-IU-2023:823-1: Security update of suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64
Message-ID: <20231115080106.37025FBA9@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:823-1
Image Tags : suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64:20231113
Image Release :
Severity : important
Type : security
References : 1107342 1196647 1201300 1205767 1206480 1206684 1210335 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215265 1215286 1215313 1215323 1215434 1215891 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1829 CVE-2023-23559 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4692 CVE-2023-4693 CVE-2023-4813
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20231113-hvm-ssd-x86_64 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4108-1
Released: Wed Oct 18 11:51:12 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4136-1
Released: Thu Oct 19 14:15:02 2023
Summary: Security update for suse-module-tools
Type: security
Severity: important
References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559
This update for suse-module-tools fixes the following issues:

- Update to version 15.5.3:
  - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
  - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:
This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4139-1
Released: Fri Oct 20 10:06:58 2023
Summary: Recommended update for containerd, runc
Type: recommended
Severity: moderate
References: 1215323
This update for containerd, runc fixes the following issues:

runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9

containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes:
- https://github.com/containerd/containerd/releases/tag/v1.7.7
- https://github.com/containerd/containerd/releases/tag/v1.7.6
bsc#1215323
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4141-1
Released: Fri Oct 20 11:34:44 2023
Summary: Security update for grub2
Type: security
Severity: important
References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693
This update for grub2 fixes the following issues:

Security fixes:

- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information.
(bsc#1215936)

Other fixes:

- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313
This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, these 3 packages have no code changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228
This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files.
(bsc#1216268)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released: Mon Oct 30 16:51:57 2023
Summary: Recommended update for pciutils
Type: recommended
Severity: important
References: 1215265
This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
*
blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- containerd-ctr-1.7.7-150000.100.1 updated
- containerd-1.7.7-150000.100.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- glibc-locale-2.31-150300.63.1 updated
- glibc-2.31-150300.63.1 updated
- grub2-i386-pc-2.06-150500.29.8.1 updated
- grub2-x86_64-efi-2.06-150500.29.8.1 updated
- grub2-x86_64-xen-2.06-150500.29.8.1 updated
- grub2-2.06-150500.29.8.1 updated
- kernel-default-5.14.21-150500.55.36.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-1.1.1l-150500.17.19.1 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libz1-1.2.13-150500.4.3.1 updated
- libzck1-1.1.16-150400.3.7.1 updated
- openssl-1_1-1.1.1l-150500.17.19.1 updated
- pciutils-3.5.6-150300.13.6.1 updated
- python3-cryptography-3.3.2-150400.20.3 updated
- python3-urllib3-1.25.10-150300.4.6.1 updated
- runc-1.1.9-150000.52.2 updated
- suse-module-tools-15.5.3-150500.3.6.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated
- systemd-sysvinit-249.16-150400.8.35.5 updated
-
systemd-249.16-150400.8.35.5 updated
- udev-249.16-150400.8.35.5 updated

From sle-security-updates at lists.suse.com Wed Nov 15 08:01:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Nov 2023 09:01:12 +0100 (CET)
Subject: SUSE-IU-2023:824-1: Security update of sles-15-sp5-chost-byos-v20231113-arm64
Message-ID: <20231115080112.6C192FBA9@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20231113-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:824-1
Image Tags : sles-15-sp5-chost-byos-v20231113-arm64:20231113
Image Release :
Severity : important
Type : security
References : 1107342 1196647 1201300 1205767 1206480 1206684 1210335 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215265 1215286 1215313 1215323 1215434 1215891 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1829 CVE-2023-23559 CVE-2023-4039 CVE-2023-43804 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 CVE-2023-4692 CVE-2023-4693 CVE-2023-4813
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20231113-arm64 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4108-1
Released: Wed Oct 18 11:51:12 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4136-1
Released: Thu Oct 19 14:15:02 2023
Summary: Security update for suse-module-tools
Type: security
Severity: important
References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559
This update for suse-module-tools fixes the following issues:

- Update to version 15.5.3:
  - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
  - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:

This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4139-1
Released: Fri Oct 20 10:06:58 2023
Summary: Recommended update for containerd, runc
Type: recommended
Severity: moderate
References: 1215323

This update for containerd, runc fixes the following issues:

runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9

containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes:

- https://github.com/containerd/containerd/releases/tag/v1.7.7
- https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4141-1
Released: Fri Oct 20 11:34:44 2023
Summary: Security update for grub2
Type: security
Severity: important
References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693

This update for grub2 fixes the following issues:

Security fixes:

- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information.
(bsc#1215936)

Other fixes:

- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313

This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:

This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions; these 3 packages have no code changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228

This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files.
(bsc#1216268)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released: Mon Oct 30 16:51:57 2023
Summary: Recommended update for pciutils
Type: recommended
Severity: important
References: 1215265

This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This update for libtirpc to 1.3.4 fixes the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- containerd-ctr-1.7.7-150000.100.1 updated
- containerd-1.7.7-150000.100.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- glibc-locale-2.31-150300.63.1 updated
- glibc-2.31-150300.63.1 updated
- grub2-i386-pc-2.06-150500.29.8.1 updated
- grub2-x86_64-efi-2.06-150500.29.8.1 updated
- grub2-2.06-150500.29.8.1 updated
- kernel-default-5.14.21-150500.55.36.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-1.1.1l-150500.17.19.1 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libz1-1.2.13-150500.4.3.1 updated
- libzck1-1.1.16-150400.3.7.1 updated
- openssl-1_1-1.1.1l-150500.17.19.1 updated
- pciutils-3.5.6-150300.13.6.1 updated
- python3-cryptography-3.3.2-150400.20.3 updated
- python3-urllib3-1.25.10-150300.4.6.1 updated
- runc-1.1.9-150000.52.2 updated
- suse-module-tools-15.5.3-150500.3.6.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated
- systemd-sysvinit-249.16-150400.8.35.5 updated
- systemd-249.16-150400.8.35.5 updated
- udev-249.16-150400.8.35.5
updated From sle-security-updates at lists.suse.com Wed Nov 15 12:30:06 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Nov 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4449-1: moderate: Security update for exfatprogs Message-ID: <170005140604.13513.17989751430001746293@smelt2.prg2.suse.org> # Security update for exfatprogs Announcement ID: SUSE-SU-2023:4449-1 Rating: moderate References: * bsc#1216701 Cross-References: * CVE-2023-45897 CVSS scores: * CVE-2023-45897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-45897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for exfatprogs fixes the following issues: * CVE-2023-45897: Fixed out-of-bound memory issues in fsck (bsc#1216701). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4449=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4449=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4449=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-4449=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4449=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * exfatprogs-debuginfo-1.0.4-150300.3.12.1
  * exfatprogs-1.0.4-150300.3.12.1
  * exfatprogs-debugsource-1.0.4-150300.3.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * exfatprogs-debuginfo-1.0.4-150300.3.12.1
  * exfatprogs-1.0.4-150300.3.12.1
  * exfatprogs-debugsource-1.0.4-150300.3.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * exfatprogs-debuginfo-1.0.4-150300.3.12.1
  * exfatprogs-1.0.4-150300.3.12.1
  * exfatprogs-debugsource-1.0.4-150300.3.12.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * exfatprogs-debuginfo-1.0.4-150300.3.12.1
  * exfatprogs-1.0.4-150300.3.12.1
  * exfatprogs-debugsource-1.0.4-150300.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * exfatprogs-debuginfo-1.0.4-150300.3.12.1
  * exfatprogs-1.0.4-150300.3.12.1
  * exfatprogs-debugsource-1.0.4-150300.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216701

From sle-security-updates at lists.suse.com Wed Nov 15 16:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Nov 2023 16:30:03 -0000
Subject: SUSE-SU-2023:3082-2: important: Security update for qemu
Message-ID: <170006580352.12720.1110235925947814296@smelt2.prg2.suse.org>

# Security update for qemu

Announcement ID: SUSE-SU-2023:3082-2
Rating: important
References:

* bsc#1179993
* bsc#1181740
* bsc#1207205
* bsc#1212968
* bsc#1213001
* bsc#1213414

Cross-References:

* CVE-2023-0330
* CVE-2023-2861
* CVE-2023-3255
* CVE-2023-3301

CVSS scores:

* CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-3255 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3255 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3301 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves four vulnerabilities and has two security fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

* CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414).
* CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205).
* CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968).
* CVE-2023-3255: Fixed infinite loop in inflate_buffer() leading to denial of service (bsc#1213001).

Bugfixes:

* hw/ide/piix: properly initialize the BMIBA register (bsc#1179993)
* Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3082=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * qemu-hw-usb-redirect-7.1.0-150500.49.6.1 * qemu-chardev-spice-7.1.0-150500.49.6.1 * qemu-tools-7.1.0-150500.49.6.1 * qemu-guest-agent-7.1.0-150500.49.6.1 * qemu-ui-opengl-7.1.0-150500.49.6.1 * qemu-7.1.0-150500.49.6.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-tools-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-core-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.6.1 * qemu-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-block-curl-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.6.1 * qemu-debugsource-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-spice-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64) * qemu-arm-7.1.0-150500.49.6.1 * qemu-arm-debuginfo-7.1.0-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * qemu-ipxe-1.0.0+-150500.49.6.1 * qemu-sgabios-8-150500.49.6.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.6.1 * qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (s390x) * qemu-s390x-7.1.0-150500.49.6.1 * qemu-s390x-debuginfo-7.1.0-150500.49.6.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * qemu-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-x86-7.1.0-150500.49.6.1 ## References: * 
https://www.suse.com/security/cve/CVE-2023-0330.html * https://www.suse.com/security/cve/CVE-2023-2861.html * https://www.suse.com/security/cve/CVE-2023-3255.html * https://www.suse.com/security/cve/CVE-2023-3301.html * https://bugzilla.suse.com/show_bug.cgi?id=1179993 * https://bugzilla.suse.com/show_bug.cgi?id=1181740 * https://bugzilla.suse.com/show_bug.cgi?id=1207205 * https://bugzilla.suse.com/show_bug.cgi?id=1212968 * https://bugzilla.suse.com/show_bug.cgi?id=1213001 * https://bugzilla.suse.com/show_bug.cgi?id=1213414

From sle-security-updates at lists.suse.com Wed Nov 15 16:30:11 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Nov 2023 16:30:11 -0000
Subject: SUSE-SU-2023:4451-1: important: Security update for apache2
Message-ID: <170006581186.12720.10124651102808397339@smelt2.prg2.suse.org>

# Security update for apache2

Announcement ID: SUSE-SU-2023:4451-1
Rating: important
References:

* bsc#1207399
* bsc#1214357
* bsc#1216424

Cross-References:

* CVE-2023-31122

CVSS scores:

* CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

* Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
* Fixed a floating point exception crash (bsc#1207399).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4451=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4451=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4451=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4451=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-tls13-devel-2.4.51-35.35.1 * apache2-devel-2.4.51-35.35.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-worker-2.4.51-35.35.1 * apache2-tls13-example-pages-2.4.51-35.35.1 * apache2-2.4.51-35.35.1 * apache2-prefork-debuginfo-2.4.51-35.35.1 * apache2-prefork-2.4.51-35.35.1 * apache2-tls13-2.4.51-35.35.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-example-pages-2.4.51-35.35.1 * apache2-tls13-prefork-2.4.51-35.35.1 * apache2-tls13-worker-debuginfo-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-utils-2.4.51-35.35.1 * apache2-worker-2.4.51-35.35.1 * apache2-worker-debuginfo-2.4.51-35.35.1 * apache2-utils-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-debuginfo-2.4.51-35.35.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * apache2-tls13-doc-2.4.51-35.35.1 * apache2-doc-2.4.51-35.35.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x 
x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-worker-2.4.51-35.35.1 * apache2-tls13-example-pages-2.4.51-35.35.1 * apache2-2.4.51-35.35.1 * apache2-prefork-debuginfo-2.4.51-35.35.1 * apache2-prefork-2.4.51-35.35.1 * apache2-tls13-2.4.51-35.35.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-example-pages-2.4.51-35.35.1 * apache2-tls13-prefork-2.4.51-35.35.1 * apache2-tls13-worker-debuginfo-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-utils-2.4.51-35.35.1 * apache2-worker-2.4.51-35.35.1 * apache2-worker-debuginfo-2.4.51-35.35.1 * apache2-utils-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-debuginfo-2.4.51-35.35.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * apache2-tls13-doc-2.4.51-35.35.1 * apache2-doc-2.4.51-35.35.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * apache2-debugsource-2.4.51-35.35.1 * apache2-debuginfo-2.4.51-35.35.1 * apache2-tls13-worker-2.4.51-35.35.1 * apache2-tls13-example-pages-2.4.51-35.35.1 * apache2-2.4.51-35.35.1 * apache2-prefork-debuginfo-2.4.51-35.35.1 * apache2-prefork-2.4.51-35.35.1 * apache2-tls13-2.4.51-35.35.1 * apache2-tls13-prefork-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-2.4.51-35.35.1 * apache2-tls13-debugsource-2.4.51-35.35.1 * apache2-example-pages-2.4.51-35.35.1 * apache2-tls13-prefork-2.4.51-35.35.1 * apache2-tls13-worker-debuginfo-2.4.51-35.35.1 * apache2-tls13-debuginfo-2.4.51-35.35.1 * apache2-utils-2.4.51-35.35.1 * apache2-worker-2.4.51-35.35.1 * apache2-worker-debuginfo-2.4.51-35.35.1 * apache2-utils-debuginfo-2.4.51-35.35.1 * apache2-tls13-utils-debuginfo-2.4.51-35.35.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * apache2-tls13-doc-2.4.51-35.35.1 * apache2-doc-2.4.51-35.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31122.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1207399 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1216424

From sle-security-updates at lists.suse.com Thu Nov 16 08:30:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 08:30:05 -0000
Subject: SUSE-SU-2023:4455-1: important: Security update for postgresql13
Message-ID: <170012340514.32571.7085543599238098664@smelt2.prg2.suse.org>

# Security update for postgresql13

Announcement ID: SUSE-SU-2023:4455-1
Rating: important
References:

* bsc#1216022
* bsc#1216734
* bsc#1216960
* bsc#1216961
* bsc#1216962

Cross-References:

* CVE-2023-5868
* CVE-2023-5869
* CVE-2023-5870

CVSS scores:

* CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Galera for Ericsson 15 SP5
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities and has two security fixes can now be installed.

## Description:

This update for postgresql13 fixes the following issues:

Security issues fixed:

* CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)
* Updated to 13.13: https://www.postgresql.org/docs/13/release-13-13.html
* Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
* Change the unix domain socket location from /var/run to /run.
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4455=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4455=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4455=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4455=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4455=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4455=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4455=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4455=1
* Galera for Ericsson 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2023-4455=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4455=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4455=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4455=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-devel-13.13-150200.5.50.1
  * postgresql13-test-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
* openSUSE Leap 15.4 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-devel-13.13-150200.5.50.1
  * postgresql13-test-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
* openSUSE Leap 15.5 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-debuginfo-13.13-150200.5.50.1
  * postgresql13-llvmjit-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* Legacy Module 15-SP4 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* Galera for Ericsson 15 SP5 (x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* Galera for Ericsson 15 SP5 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * postgresql13-debugsource-13.13-150200.5.50.1
  * postgresql13-pltcl-13.13-150200.5.50.1
  * postgresql13-server-debuginfo-13.13-150200.5.50.1
  * postgresql13-plpython-13.13-150200.5.50.1
  * postgresql13-server-13.13-150200.5.50.1
  * postgresql13-13.13-150200.5.50.1
  * postgresql13-contrib-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-13.13-150200.5.50.1
  * postgresql13-plperl-debuginfo-13.13-150200.5.50.1
  * postgresql13-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-server-devel-debuginfo-13.13-150200.5.50.1
  * postgresql13-pltcl-debuginfo-13.13-150200.5.50.1
  * postgresql13-devel-13.13-150200.5.50.1
  * postgresql13-plpython-debuginfo-13.13-150200.5.50.1
  * postgresql13-plperl-13.13-150200.5.50.1
  * postgresql13-contrib-13.13-150200.5.50.1
* SUSE Enterprise Storage 7.1 (noarch)
  * postgresql13-docs-13.13-150200.5.50.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5868.html
* https://www.suse.com/security/cve/CVE-2023-5869.html
* https://www.suse.com/security/cve/CVE-2023-5870.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216022
* https://bugzilla.suse.com/show_bug.cgi?id=1216734
* https://bugzilla.suse.com/show_bug.cgi?id=1216960
* https://bugzilla.suse.com/show_bug.cgi?id=1216961
* https://bugzilla.suse.com/show_bug.cgi?id=1216962

From sle-security-updates at lists.suse.com Thu Nov 16 08:30:08 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 08:30:08 -0000
Subject: SUSE-SU-2023:4454-1: important: Security update for postgresql12
Message-ID: <170012340804.32571.7270978850178703542@smelt2.prg2.suse.org>

# Security update for postgresql12

Announcement ID: SUSE-SU-2023:4454-1
Rating: important

References:

* bsc#1216022
* bsc#1216734
* bsc#1216960
* bsc#1216961
* bsc#1216962

Cross-References:

* CVE-2023-5868
* CVE-2023-5869
* CVE-2023-5870

CVSS scores:

* CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities and has two security fixes can now be installed.

## Description:

This update for postgresql12 fixes the following issues:

Security issues fixed:

* CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions.
  This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)
* Updated to 12.17: https://www.postgresql.org/docs/12/release-12-17.html
* Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
* Change the unix domain socket location from /var/run to /run.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4454=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4454=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4454=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4454=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4454=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4454=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4454=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4454=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4454=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4454=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-llvmjit-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-llvmjit-devel-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-llvmjit-debuginfo-12.17-150200.8.54.1
  * postgresql12-test-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* openSUSE Leap 15.4 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-llvmjit-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-llvmjit-devel-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-llvmjit-debuginfo-12.17-150200.8.54.1
  * postgresql12-test-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* openSUSE Leap 15.5 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * postgresql12-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-debuginfo-12.17-150200.8.54.1
  * postgresql12-contrib-12.17-150200.8.54.1
  * postgresql12-12.17-150200.8.54.1
  * postgresql12-plperl-12.17-150200.8.54.1
  * postgresql12-pltcl-12.17-150200.8.54.1
  * postgresql12-contrib-debuginfo-12.17-150200.8.54.1
  * postgresql12-pltcl-debuginfo-12.17-150200.8.54.1
  * postgresql12-server-12.17-150200.8.54.1
  * postgresql12-debugsource-12.17-150200.8.54.1
  * postgresql12-server-devel-12.17-150200.8.54.1
  * postgresql12-server-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-debuginfo-12.17-150200.8.54.1
  * postgresql12-plperl-debuginfo-12.17-150200.8.54.1
  * postgresql12-devel-12.17-150200.8.54.1
  * postgresql12-plpython-12.17-150200.8.54.1
  * postgresql12-plpython-debuginfo-12.17-150200.8.54.1
* SUSE Enterprise Storage 7.1 (noarch)
  * postgresql12-docs-12.17-150200.8.54.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5868.html
* https://www.suse.com/security/cve/CVE-2023-5869.html
* https://www.suse.com/security/cve/CVE-2023-5870.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216022
* https://bugzilla.suse.com/show_bug.cgi?id=1216734
* https://bugzilla.suse.com/show_bug.cgi?id=1216960
* https://bugzilla.suse.com/show_bug.cgi?id=1216961
* https://bugzilla.suse.com/show_bug.cgi?id=1216962

From sle-security-updates at lists.suse.com Thu Nov 16 16:30:17 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 16:30:17 -0000
Subject: SUSE-SU-2023:4458-1: important: Security update for gcc13
Message-ID: <170015221743.31512.13992286959994806531@smelt2.prg2.suse.org>

# Security update for gcc13

Announcement ID: SUSE-SU-2023:4458-1
Rating: important

References:

* bsc#1206480
* bsc#1206684
* bsc#1210557
* bsc#1211427
* bsc#1212101
* bsc#1213915
* bsc#1214052
* bsc#1214460
* bsc#1215427
* bsc#1216664
* jsc#PED-153
* jsc#PED-2005
* jsc#PED-252
* jsc#PED-253
* jsc#PED-6584

Cross-References:

* CVE-2023-4039

CVSS scores:

* CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability, contains five features and has nine security fixes can now be installed.

## Description:

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

* install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages.
* override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
* Work around third party app crash during C++ standard library initialization. [bsc#1216664]
* Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
* Bump included newlib to version 4.3.0.
* Update to GCC trunk head (r13-5254-g05b9868b182bb9)
* Redo floatn fixinclude pick-up to simply keep what is there.
* Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
* Also handle -static-pie in the default-PIE specs
* Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
* Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
* Add new x86-related intrinsics (amxcomplexintrin.h).
* RISC-V: Add support for inlining subword atomic operations
* Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
* Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
* Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
* Bump included newlib to version 4.3.0.
* Also package libhwasan_preinit.o on aarch64.
* Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
* Package libhwasan_preinit.o on x86_64.
* Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
* Enable PRU flavour for gcc13
* update floatn fixinclude pickup to check each header separately (bsc#1206480)
* Redo floatn fixinclude pick-up to simply keep what is there.
* Bump libgo SONAME to libgo22.
* Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
* Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
* Depend on at least LLVM 13 for GCN cross compiler.
* Update embedded newlib to version 4.2.0
* Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4458=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4458=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4458=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4458=1
* SUSE Linux Enterprise Server 15 SP1
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-4458=1
* SUSE Linux Enterprise Server 15 SP2
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-4458=1
* SUSE Linux Enterprise Server 15 SP3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-4458=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Linux Enterprise Server 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Linux Enterprise Desktop 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4458=1
* SUSE Linux Enterprise High Performance Computing 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1
* SUSE Linux Enterprise Server 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1
* SUSE Linux Enterprise Desktop 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4458=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4458=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4458=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4458=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4458=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4458=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4458=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4458=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4458=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4458=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4458=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4458=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4458=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4458=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4458=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4458=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4458=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4458=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4458=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4458=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4458=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4458=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4458=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4458=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4458=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4458=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 *
libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (x86_64) * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * 
libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (s390x x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * 
libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.4 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * 
libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * 
gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (x86_64) * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (s390x x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * 
libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * openSUSE Leap 15.5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP4 
(aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Manager Proxy 4.3 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE 
Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * 
libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP4 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * 
libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-13.2.1+git7813-150000.1.6.1 * Basesystem Module 15-SP5 (x86_64) * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * 
libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP4 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP4 (x86_64) * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP5 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * Development Tools Module 15-SP5 (x86_64) * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * 
gcc13-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-13.2.1+git7813-150000.1.6.1 * gcc13-go-13.2.1+git7813-150000.1.6.1 * libm2cor18-13.2.1+git7813-150000.1.6.1 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2min18-13.2.1+git7813-150000.1.6.1 * libm2pim18-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 s390x x86_64) * libgdruntime4-13.2.1+git7813-150000.1.6.1 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-d-13.2.1+git7813-150000.1.6.1 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgphobos4-13.2.1+git7813-150000.1.6.1 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * 
libm2pim18-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-13.2.1+git7813-150000.1.6.1 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1 * libgo22-32bit-13.2.1+git7813-150000.1.6.1 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-32bit-13.2.1+git7813-150000.1.6.1 * libm2min18-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libada13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-13.2.1+git7813-150000.1.6.1 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.6.1 * libgo22-debuginfo-13.2.1+git7813-150000.1.6.1 * libada13-13.2.1+git7813-150000.1.6.1 * libm2iso18-13.2.1+git7813-150000.1.6.1 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-ada-13.2.1+git7813-150000.1.6.1 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.6.1 * libm2log18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-m2-13.2.1+git7813-150000.1.6.1 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * gcc13-obj-c++-13.2.1+git7813-150000.1.6.1 * libm2log18-13.2.1+git7813-150000.1.6.1 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.6.1 * 
  * libm2min18-debuginfo-13.2.1+git7813-150000.1.6.1
  * libm2pim18-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-objc-13.2.1+git7813-150000.1.6.1
  * gcc13-go-13.2.1+git7813-150000.1.6.1
  * libm2cor18-13.2.1+git7813-150000.1.6.1
  * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libm2min18-13.2.1+git7813-150000.1.6.1
  * libm2pim18-13.2.1+git7813-150000.1.6.1
* SUSE Package Hub 15 15-SP5 (aarch64 s390x x86_64)
  * libgdruntime4-13.2.1+git7813-150000.1.6.1
  * gcc13-d-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-d-13.2.1+git7813-150000.1.6.1
  * libgphobos4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgphobos4-13.2.1+git7813-150000.1.6.1
  * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Package Hub 15 15-SP5 (x86_64)
  * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libm2pim18-32bit-13.2.1+git7813-150000.1.6.1
  * libgphobos4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-go-32bit-13.2.1+git7813-150000.1.6.1
  * libm2log18-32bit-13.2.1+git7813-150000.1.6.1
  * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libm2cor18-32bit-13.2.1+git7813-150000.1.6.1
  * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgdruntime4-32bit-13.2.1+git7813-150000.1.6.1
  * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-objc-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-m2-32bit-13.2.1+git7813-150000.1.6.1
  * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libm2iso18-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-d-32bit-13.2.1+git7813-150000.1.6.1
  * libgo22-32bit-13.2.1+git7813-150000.1.6.1
  * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libada13-32bit-13.2.1+git7813-150000.1.6.1
  * libm2min18-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-ada-32bit-13.2.1+git7813-150000.1.6.1
  * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le x86_64)
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libquadmath0-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x x86_64)
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64)
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libquadmath0-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (s390x x86_64)
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64)
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libquadmath0-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64)
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-13.2.1+git7813-150000.1.6.1
  * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-13.2.1+git7813-150000.1.6.1
  * libobjc4-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1
  * cpp13-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-13.2.1+git7813-150000.1.6.1
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-13.2.1+git7813-150000.1.6.1
  * libobjc4-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-13.2.1+git7813-150000.1.6.1
  * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libhwasan0-13.2.1+git7813-150000.1.6.1
  * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1
  * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1
  * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-13.2.1+git7813-150000.1.6.1
  * gcc13-32bit-13.2.1+git7813-150000.1.6.1
  * gcc13-PIE-13.2.1+git7813-150000.1.6.1
  * gcc13-locale-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-fortran-13.2.1+git7813-150000.1.6.1
  * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * gcc13-info-13.2.1+git7813-150000.1.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libquadmath0-13.2.1+git7813-150000.1.6.1
  * liblsan0-13.2.1+git7813-150000.1.6.1
  * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-13.2.1+git7813-150000.1.6.1
  * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1
  * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-locale-13.2.1+git7813-150000.1.6.1
  * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1
  * libstdc++6-pp-13.2.1+git7813-150000.1.6.1
  * libgomp1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-13.2.1+git7813-150000.1.6.1
  * libasan8-13.2.1+git7813-150000.1.6.1
  * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1
  * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1
  * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1
  * gcc13-debugsource-13.2.1+git7813-150000.1.6.1
  * libubsan1-13.2.1+git7813-150000.1.6.1
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1
  * libgfortran5-13.2.1+git7813-150000.1.6.1
  * libitm1-13.2.1+git7813-150000.1.6.1
libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * 
gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * liblsan0-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * 
libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE Enterprise Storage 7.1 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE CaaS Platform 4.0 (x86_64) * libquadmath0-13.2.1+git7813-150000.1.6.1 * 
libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.6.1 * liblsan0-13.2.1+git7813-150000.1.6.1 * cpp13-13.2.1+git7813-150000.1.6.1 * liblsan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-13.2.1+git7813-150000.1.6.1 * libobjc4-13.2.1+git7813-150000.1.6.1 * gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-13.2.1+git7813-150000.1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.6.1 * libatomic1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-locale-13.2.1+git7813-150000.1.6.1 * libubsan1-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libobjc4-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-c++-13.2.1+git7813-150000.1.6.1 * libobjc4-32bit-13.2.1+git7813-150000.1.6.1 * libgomp1-13.2.1+git7813-150000.1.6.1 * libasan8-13.2.1+git7813-150000.1.6.1 * libasan8-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-c++-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.6.1 * cpp13-debuginfo-13.2.1+git7813-150000.1.6.1 * 
libtsan2-debuginfo-13.2.1+git7813-150000.1.6.1 * libhwasan0-13.2.1+git7813-150000.1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgomp1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-debugsource-13.2.1+git7813-150000.1.6.1 * libubsan1-13.2.1+git7813-150000.1.6.1 * libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-13.2.1+git7813-150000.1.6.1 * libitm1-13.2.1+git7813-150000.1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libgfortran5-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-13.2.1+git7813-150000.1.6.1 * gcc13-32bit-13.2.1+git7813-150000.1.6.1 * gcc13-PIE-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libtsan2-13.2.1+git7813-150000.1.6.1 * gcc13-locale-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-13.2.1+git7813-150000.1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * gcc13-fortran-13.2.1+git7813-150000.1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.6.1 * SUSE CaaS Platform 4.0 (noarch) * gcc13-info-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.6.1 * 
libstdc++6-debuginfo-13.2.1+git7813-150000.1.6.1 * libstdc++6-13.2.1+git7813-150000.1.6.1 * libgcc_s1-13.2.1+git7813-150000.1.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206480
* https://bugzilla.suse.com/show_bug.cgi?id=1206684
* https://bugzilla.suse.com/show_bug.cgi?id=1210557
* https://bugzilla.suse.com/show_bug.cgi?id=1211427
* https://bugzilla.suse.com/show_bug.cgi?id=1212101
* https://bugzilla.suse.com/show_bug.cgi?id=1213915
* https://bugzilla.suse.com/show_bug.cgi?id=1214052
* https://bugzilla.suse.com/show_bug.cgi?id=1214460
* https://bugzilla.suse.com/show_bug.cgi?id=1215427
* https://bugzilla.suse.com/show_bug.cgi?id=1216664
* https://jira.suse.com/browse/PED-153
* https://jira.suse.com/browse/PED-2005
* https://jira.suse.com/browse/PED-252
* https://jira.suse.com/browse/PED-253
* https://jira.suse.com/browse/PED-6584

From sle-security-updates at lists.suse.com Thu Nov 16 20:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 20:30:03 -0000
Subject: SUSE-SU-2023:4472-1: important: Security update for go1.20-openssl
Message-ID: <170016660362.13857.11210045503471000231@smelt2.prg2.suse.org>

# Security update for go1.20-openssl

Announcement ID: SUSE-SU-2023:4472-1
Rating: important
References:

* bsc#1206346
* bsc#1215985
* bsc#1216109
* bsc#1216943
* bsc#1216944

Cross-References:

* CVE-2023-39323
* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45283
* CVE-2023-45284

CVSS scores:

* CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-39323 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for go1.20-openssl fixes the following issues:

Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips.

* Update to go1.20.11

go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package.

* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources

Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips.

* Update to go1.20.10

go1.20.10 (released 2023-10-10) includes a security fix to the net/http package.
* security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109)

go1.20.9 (released 2023-10-05) includes one security fix to the cmd/go package, as well as bug fixes to the go command and the linker.

* security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985)
* cmd/link: issues with Apple's new linker in Xcode 15 beta

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4472=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4472=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4472=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4472=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * go1.20-openssl-doc-1.20.11.1-150000.1.14.1
  * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
  * go1.20-openssl-1.20.11.1-150000.1.14.1
  * go1.20-openssl-race-1.20.11.1-150000.1.14.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.20-openssl-doc-1.20.11.1-150000.1.14.1
  * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
  * go1.20-openssl-1.20.11.1-150000.1.14.1
  * go1.20-openssl-race-1.20.11.1-150000.1.14.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * go1.20-openssl-doc-1.20.11.1-150000.1.14.1
  * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
  * go1.20-openssl-1.20.11.1-150000.1.14.1
  * go1.20-openssl-race-1.20.11.1-150000.1.14.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.20-openssl-doc-1.20.11.1-150000.1.14.1
  * go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
  * go1.20-openssl-1.20.11.1-150000.1.14.1
  * go1.20-openssl-race-1.20.11.1-150000.1.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39323.html
* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45283.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1215985
* https://bugzilla.suse.com/show_bug.cgi?id=1216109
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1216944

From sle-security-updates at lists.suse.com Thu Nov 16 20:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 20:30:06 -0000
Subject: SUSE-SU-2023:4471-1: moderate: Security update for go1.21
Message-ID: <170016660685.13857.6419016140571780817@smelt2.prg2.suse.org>

# Security update for go1.21

Announcement ID: SUSE-SU-2023:4471-1
Rating: moderate
References:

* bsc#1212475
* bsc#1216943
* bsc#1216944

Cross-References:

* CVE-2023-45283
* CVE-2023-45284

CVSS scores:

* CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.21 fixes the following issues:

go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.

* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4471=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4471=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4471=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4471=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * go1.21-1.21.4-150000.1.15.1
  * go1.21-race-1.21.4-150000.1.15.1
  * go1.21-doc-1.21.4-150000.1.15.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.21-1.21.4-150000.1.15.1
  * go1.21-race-1.21.4-150000.1.15.1
  * go1.21-doc-1.21.4-150000.1.15.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * go1.21-1.21.4-150000.1.15.1
  * go1.21-doc-1.21.4-150000.1.15.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
  * go1.21-race-1.21.4-150000.1.15.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.21-1.21.4-150000.1.15.1
  * go1.21-race-1.21.4-150000.1.15.1
  * go1.21-doc-1.21.4-150000.1.15.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45283.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1216944

From sle-security-updates at lists.suse.com Thu Nov 16 20:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 20:30:09 -0000
Subject: SUSE-SU-2023:4470-1: moderate: Security update for go1.20
Message-ID: <170016660990.13857.17164955184477420481@smelt2.prg2.suse.org>

# Security update for go1.20

Announcement ID: SUSE-SU-2023:4470-1
Rating: moderate
References:

* bsc#1206346
* bsc#1216943
* bsc#1216944

Cross-References:

* CVE-2023-45283
* CVE-2023-45284

CVSS scores:

* CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.20 fixes the following issues:

go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4470=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4470=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4470=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4470=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * go1.20-race-1.20.11-150000.1.32.1
  * go1.20-debuginfo-1.20.11-150000.1.32.1
  * go1.20-1.20.11-150000.1.32.1
  * go1.20-doc-1.20.11-150000.1.32.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * go1.20-race-1.20.11-150000.1.32.1
  * go1.20-debuginfo-1.20.11-150000.1.32.1
  * go1.20-1.20.11-150000.1.32.1
  * go1.20-doc-1.20.11-150000.1.32.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * go1.20-doc-1.20.11-150000.1.32.1
  * go1.20-1.20.11-150000.1.32.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
  * go1.20-race-1.20.11-150000.1.32.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * go1.20-race-1.20.11-150000.1.32.1
  * go1.20-debuginfo-1.20.11-150000.1.32.1
  * go1.20-1.20.11-150000.1.32.1
  * go1.20-doc-1.20.11-150000.1.32.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45283.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1216944

From sle-security-updates at lists.suse.com Thu Nov 16 20:30:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Nov 2023 20:30:14 -0000
Subject: SUSE-SU-2023:4469-1: moderate: Security update for go1.21-openssl
Message-ID: <170016661436.13857.6865606478697277213@smelt2.prg2.suse.org>

# Security update for go1.21-openssl

Announcement ID: SUSE-SU-2023:4469-1
Rating: moderate
References:

* bsc#1212475
* bsc#1212667
* bsc#1212669
* bsc#1215084
* bsc#1215085
* bsc#1215086
* bsc#1215087
* bsc#1215090
* bsc#1215985
* bsc#1216109
* bsc#1216943
* bsc#1216944
* jsc#SLE-18320

Cross-References:

* CVE-2023-39318
* CVE-2023-39319
* CVE-2023-39320
* CVE-2023-39321
* CVE-2023-39322
* CVE-2023-39323
* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45283
* CVE-2023-45284

CVSS scores:

* CVE-2023-39318 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39318 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39319 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39319 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39320 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39320 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39321 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39322 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39322 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-39323 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed.

## Description:

This update for go1.21-openssl fixes the following issues:

Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips.

* Update to go1.21.4

go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources

Initial package go1.21-openssl version 1.21.3.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.3-1-openssl-fips. (jsc#SLE-18320)

* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream Go maintenance releases.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4469=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4469=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4469=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4469=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-openssl-doc-1.21.4.1-150000.1.5.1 * go1.21-openssl-race-1.21.4.1-150000.1.5.1 * go1.21-openssl-1.21.4.1-150000.1.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39318.html * https://www.suse.com/security/cve/CVE-2023-39319.html * https://www.suse.com/security/cve/CVE-2023-39320.html * https://www.suse.com/security/cve/CVE-2023-39321.html * https://www.suse.com/security/cve/CVE-2023-39322.html * https://www.suse.com/security/cve/CVE-2023-39323.html * https://www.suse.com/security/cve/CVE-2023-39325.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45283.html * https://www.suse.com/security/cve/CVE-2023-45284.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1212667 * https://bugzilla.suse.com/show_bug.cgi?id=1212669 * https://bugzilla.suse.com/show_bug.cgi?id=1215084 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215085 * https://bugzilla.suse.com/show_bug.cgi?id=1215086 * https://bugzilla.suse.com/show_bug.cgi?id=1215087 * https://bugzilla.suse.com/show_bug.cgi?id=1215090 * https://bugzilla.suse.com/show_bug.cgi?id=1215985 * https://bugzilla.suse.com/show_bug.cgi?id=1216109 * https://bugzilla.suse.com/show_bug.cgi?id=1216943 * https://bugzilla.suse.com/show_bug.cgi?id=1216944 * https://jira.suse.com/browse/SLE-18320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Thu Nov 16 20:30:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:17 -0000 Subject: SUSE-SU-2023:4468-1: moderate: Security update for python-urllib3 Message-ID: <170016661722.13857.11388979207323946560@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4468-1 Rating: moderate References: * bsc#1216377 Cross-References: * CVE-2023-45803 CVSS scores: * CVE-2023-45803 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45803 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux 
Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4468=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4468=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4468=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4468=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4468=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4468=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 * python-urllib3-1.25.10-3.37.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * python3-urllib3-1.25.10-3.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45803.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1216377 From sle-security-updates at lists.suse.com Thu Nov 16 20:30:19 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:19 -0000 Subject: SUSE-SU-2023:4467-1: moderate: Security update for python-urllib3 Message-ID: <170016661962.13857.16442195657734141320@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4467-1 Rating: moderate References: * bsc#1216377 Cross-References: * CVE-2023-45803 CVSS scores: * CVE-2023-45803 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45803 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed.
## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4467=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4467=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4467=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4467=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4467=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4467=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4467=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4467=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4467=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4467=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4467=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4467=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4467=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4467=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4467=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4467=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4467=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4467=1 ## Package List: * openSUSE
Leap 15.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap Micro 5.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap Micro 5.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap 15.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * openSUSE Leap 15.5 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * Basesystem Module 15-SP4 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * Basesystem Module 15-SP5 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Manager Proxy 4.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Manager Server 4.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-urllib3-1.25.10-150300.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45803.html * https://bugzilla.suse.com/show_bug.cgi?id=1216377 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Thu Nov 16 20:30:23 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:23 -0000 Subject: SUSE-SU-2023:4466-1: important: Security update for xen Message-ID: <170016662321.13857.10985287212593009950@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4466-1 Rating: important References: * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4466=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4466=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4466=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4466=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4466=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4466=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4466=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4466=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4466=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (x86_64) * xen-libs-32bit-4.14.6_08-150300.3.60.1 * xen-libs-32bit-debuginfo-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (aarch64 x86_64) * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-4.14.6_08-150300.3.60.1 * xen-doc-html-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * openSUSE Leap 15.3 (aarch64_ilp32) * xen-libs-64bit-4.14.6_08-150300.3.60.1 * xen-libs-64bit-debuginfo-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * 
xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * 
xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Enterprise Storage 7.1 (x86_64) * xen-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-tools-debuginfo-4.14.6_08-150300.3.60.1 * xen-tools-domU-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * xen-tools-domU-4.14.6_08-150300.3.60.1 * xen-tools-4.14.6_08-150300.3.60.1 * xen-devel-4.14.6_08-150300.3.60.1 * SUSE Enterprise Storage 7.1 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * xen-libs-debuginfo-4.14.6_08-150300.3.60.1 * xen-debugsource-4.14.6_08-150300.3.60.1 * xen-libs-4.14.6_08-150300.3.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Thu Nov 16 20:30:26 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:26 -0000 Subject: SUSE-SU-2023:4465-1: important: Security update for python-Pillow Message-ID: <170016662608.13857.4832572112508798208@smelt2.prg2.suse.org> # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4465-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4465=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4465=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4465=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Thu Nov 16 20:30:28 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:28 -0000 Subject: SUSE-SU-2023:4464-1: moderate: Security update for libxml2 Message-ID: <170016662888.13857.2460141604270490020@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:4464-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4464=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4464=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4464=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4464=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4464=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libxml2-2-debuginfo-2.9.7-150000.3.63.1 * libxml2-tools-debuginfo-2.9.7-150000.3.63.1 * libxml2-2-2.9.7-150000.3.63.1 * libxml2-tools-2.9.7-150000.3.63.1 * libxml2-debugsource-2.9.7-150000.3.63.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * libxml2-2-debuginfo-2.9.7-150000.3.63.1 * libxml2-tools-debuginfo-2.9.7-150000.3.63.1 * libxml2-2-2.9.7-150000.3.63.1 * libxml2-tools-2.9.7-150000.3.63.1 * libxml2-debugsource-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.63.1 * libxml2-2-debuginfo-2.9.7-150000.3.63.1 * libxml2-tools-debuginfo-2.9.7-150000.3.63.1 * libxml2-2-2.9.7-150000.3.63.1 * libxml2-tools-2.9.7-150000.3.63.1 * libxml2-debugsource-2.9.7-150000.3.63.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.63.1 * python-libxml2-python-debugsource-2.9.7-150000.3.63.1 
## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129 From sle-security-updates at lists.suse.com Thu Nov 16 20:30:31 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Nov 2023 20:30:31 -0000 Subject: SUSE-SU-2023:4463-1: moderate: Security update for libnbd Message-ID: <170016663141.13857.2357373815786634577@smelt2.prg2.suse.org> # Security update for libnbd Announcement ID: SUSE-SU-2023:4463-1 Rating: moderate References: * bsc#1216769 Cross-References: * CVE-2023-5871 CVSS scores: * CVE-2023-5871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for libnbd fixes the following issues: * CVE-2023-5871: Fixed an assertion problem in ext-mode BLOCK_STATUS (bsc#1216769). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4463=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4463=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4463=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libnbd-devel-1.18.1-150300.8.18.1 * libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-1.18.1-150300.8.18.1 * libnbd0-1.18.1-150300.8.18.1 * libnbd0-debuginfo-1.18.1-150300.8.18.1 * nbdfuse-debuginfo-1.18.1-150300.8.18.1 * libnbd-debugsource-1.18.1-150300.8.18.1 * nbdfuse-1.18.1-150300.8.18.1 * openSUSE Leap 15.4 (noarch) * libnbd-bash-completion-1.18.1-150300.8.18.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libnbd-devel-1.18.1-150300.8.18.1 * python3-libnbd-1.18.1-150300.8.18.1 * python3-libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-1.18.1-150300.8.18.1 * libnbd0-1.18.1-150300.8.18.1 * libnbd0-debuginfo-1.18.1-150300.8.18.1 * nbdfuse-debuginfo-1.18.1-150300.8.18.1 * libnbd-debugsource-1.18.1-150300.8.18.1 * nbdfuse-1.18.1-150300.8.18.1 * openSUSE Leap 15.5 (noarch) * libnbd-bash-completion-1.18.1-150300.8.18.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libnbd-devel-1.18.1-150300.8.18.1 * python3-libnbd-1.18.1-150300.8.18.1 * python3-libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-debuginfo-1.18.1-150300.8.18.1 * libnbd-1.18.1-150300.8.18.1 * libnbd0-1.18.1-150300.8.18.1 * libnbd0-debuginfo-1.18.1-150300.8.18.1 * nbdfuse-debuginfo-1.18.1-150300.8.18.1 * libnbd-debugsource-1.18.1-150300.8.18.1 * nbdfuse-1.18.1-150300.8.18.1 * openSUSE Leap 15.3 (noarch) * libnbd-bash-completion-1.18.1-150300.8.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5871.html * https://bugzilla.suse.com/show_bug.cgi?id=1216769 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Fri Nov 17 08:03:34 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 09:03:34 +0100 (CET) Subject: SUSE-CU-2023:3717-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231117080334.E3745FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3717-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.5 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.5 Container Release : 9.30.5 Severity : moderate Type : security References : 1216377 CVE-2023-45803 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). 
The following package changes have been done: - python3-urllib3-1.25.10-150300.4.9.1 updated From sle-security-updates at lists.suse.com Fri Nov 17 08:30:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:08 -0000 Subject: SUSE-SU-2023:4476-1: important: Security update for xen Message-ID: <170020980821.12915.14711125913675101263@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4476-1 Rating: important References: * bsc#1027519 * bsc#1215145 * bsc#1215474 * bsc#1215746 * bsc#1215747 * bsc#1215748 * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-20588 * CVE-2023-34322 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager 
Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). * CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). * CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). * Upstream bug fixes (bsc#1027519) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4476=1 SUSE-2023-4476=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4476=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4476=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4476=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4476=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4476=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4476=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4476=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4476=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-4.16.5_08-150400.4.40.1 * xen-tools-debuginfo-4.16.5_08-150400.4.40.1 * xen-4.16.5_08-150400.4.40.1 * xen-doc-html-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (aarch64 x86_64 i586) * xen-tools-domU-4.16.5_08-150400.4.40.1 * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-tools-domU-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * xen-devel-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-4.16.5_08-150400.4.40.1 * xen-libs-32bit-debuginfo-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.16.5_08-150400.4.40.1 * xen-libs-64bit-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * 
xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * Basesystem Module 15-SP4 (x86_64) * xen-tools-domU-4.16.5_08-150400.4.40.1 * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-tools-domU-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * Server Applications Module 15-SP4 (x86_64) * xen-tools-debuginfo-4.16.5_08-150400.4.40.1 * xen-4.16.5_08-150400.4.40.1 * xen-tools-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * xen-devel-4.16.5_08-150400.4.40.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_08-150400.4.40.1 * openSUSE Leap Micro 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * openSUSE Leap Micro 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34322.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1215145 * https://bugzilla.suse.com/show_bug.cgi?id=1215474 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 
* https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 From sle-security-updates at lists.suse.com Fri Nov 17 08:30:12 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:12 -0000 Subject: SUSE-SU-2023:4475-1: important: Security update for xen Message-ID: <170020981245.12915.3011495201796842931@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4475-1 Rating: important References: * bsc#1027519 * bsc#1215145 * bsc#1215474 * bsc#1215746 * bsc#1215747 * bsc#1215748 * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-20588 * CVE-2023-34322 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves eight
vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). * CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). * CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). * Upstream bug fixes (bsc#1027519) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4475=1 openSUSE-SLE-15.5-2023-4475=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4475=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4475=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4475=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64 i586) * xen-libs-debuginfo-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * xen-libs-4.17.2_08-150500.3.15.1 * xen-tools-domU-debuginfo-4.17.2_08-150500.3.15.1 * xen-tools-domU-4.17.2_08-150500.3.15.1 * xen-devel-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (x86_64) * xen-libs-32bit-debuginfo-4.17.2_08-150500.3.15.1 * xen-libs-32bit-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (aarch64 x86_64) * xen-doc-html-4.17.2_08-150500.3.15.1 * xen-tools-4.17.2_08-150500.3.15.1 * xen-4.17.2_08-150500.3.15.1 * xen-tools-debuginfo-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (noarch) * xen-tools-xendomains-wait-disk-4.17.2_08-150500.3.15.1 * openSUSE Leap 15.5 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.17.2_08-150500.3.15.1 * xen-libs-64bit-4.17.2_08-150500.3.15.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * xen-libs-4.17.2_08-150500.3.15.1 * xen-libs-debuginfo-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * Basesystem Module 15-SP5 (x86_64) * xen-libs-debuginfo-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * xen-libs-4.17.2_08-150500.3.15.1 * xen-tools-domU-debuginfo-4.17.2_08-150500.3.15.1 * xen-tools-domU-4.17.2_08-150500.3.15.1 * Server Applications Module 15-SP5 (x86_64) * xen-tools-4.17.2_08-150500.3.15.1 * xen-debugsource-4.17.2_08-150500.3.15.1 * xen-4.17.2_08-150500.3.15.1 * xen-tools-debuginfo-4.17.2_08-150500.3.15.1 * xen-devel-4.17.2_08-150500.3.15.1 * Server Applications Module 15-SP5 (noarch) * 
xen-tools-xendomains-wait-disk-4.17.2_08-150500.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34322.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1215145 * https://bugzilla.suse.com/show_bug.cgi?id=1215474 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Fri Nov 17 08:30:23 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 08:30:23 -0000 Subject: SUSE-SU-2023:4473-1: moderate: Security update for frr Message-ID: <170020982351.12915.5842055011283826550@smelt2.prg2.suse.org> # Security update for frr Announcement ID: SUSE-SU-2023:4473-1 Rating: moderate References: * bsc#1216626 * bsc#1216627 Cross-References: * CVE-2023-46752 * CVE-2023-46753 CVSS scores: * CVE-2023-46752 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46752 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-46753: Fixed a crash caused from a crafted BGP UPDATE message. (bsc#1216626) * CVE-2023-46752: Fixed a crash caused from a mishandled malformed MP_REACH_NLRI data. (bsc#1216627) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4473=1 openSUSE-SLE-15.5-2023-4473=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4473=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libmlag_pb0-debuginfo-8.4-150500.4.11.1 * libfrrzmq0-8.4-150500.4.11.1 * libfrrfpm_pb0-8.4-150500.4.11.1 * frr-debuginfo-8.4-150500.4.11.1 * libfrrcares0-debuginfo-8.4-150500.4.11.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-8.4-150500.4.11.1 * libfrrzmq0-debuginfo-8.4-150500.4.11.1 * libfrr_pb0-8.4-150500.4.11.1 * libmlag_pb0-8.4-150500.4.11.1 * frr-debugsource-8.4-150500.4.11.1 * frr-8.4-150500.4.11.1 * libfrr_pb0-debuginfo-8.4-150500.4.11.1 * libfrrsnmp0-8.4-150500.4.11.1 * libfrr0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.11.1 * libfrrcares0-8.4-150500.4.11.1 * libfrrsnmp0-debuginfo-8.4-150500.4.11.1 * frr-devel-8.4-150500.4.11.1 * libfrr0-8.4-150500.4.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmlag_pb0-debuginfo-8.4-150500.4.11.1 * libfrrzmq0-8.4-150500.4.11.1 * libfrrfpm_pb0-8.4-150500.4.11.1 * frr-debuginfo-8.4-150500.4.11.1 * libfrrcares0-debuginfo-8.4-150500.4.11.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-8.4-150500.4.11.1 * libfrrzmq0-debuginfo-8.4-150500.4.11.1 * libfrr_pb0-8.4-150500.4.11.1 * libmlag_pb0-8.4-150500.4.11.1 * frr-debugsource-8.4-150500.4.11.1 * frr-8.4-150500.4.11.1 * libfrr_pb0-debuginfo-8.4-150500.4.11.1 * libfrrsnmp0-8.4-150500.4.11.1 * libfrr0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.11.1 * libfrrcares0-8.4-150500.4.11.1 * libfrrsnmp0-debuginfo-8.4-150500.4.11.1 * frr-devel-8.4-150500.4.11.1 * libfrr0-8.4-150500.4.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46752.html * https://www.suse.com/security/cve/CVE-2023-46753.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1216626 * https://bugzilla.suse.com/show_bug.cgi?id=1216627 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Fri Nov 17 08:50:41 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 09:50:41 +0100 (CET) Subject: SUSE-CU-2023:3719-1: Security update of suse/rmt-server Message-ID: <20231117085041.42FBAFD1F@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3719-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.32 , suse/rmt-server:latest Container Release : 11.32 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. 
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:31:52 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:31:52 +0100 (CET)
Subject: SUSE-CU-2023:3720-1: Security update of suse/sle15
Message-ID: <20231117123152.91CCAFD1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3720-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.212 , suse/sle15:15.3 , suse/sle15:15.3.17.20.212
Container Release : 17.20.212
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:32:43 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:32:43 +0100 (CET)
Subject: SUSE-CU-2023:3721-1: Security update of bci/bci-init
Message-ID: <20231117123243.6845CFBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3721-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.25
Container Release : 30.25
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-27.14.118 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:32:58 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:32:58 +0100 (CET)
Subject: SUSE-CU-2023:3722-1: Security update of bci/bci-micro
Message-ID: <20231117123258.8B47CFD1F@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3722-1
Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.23.4
Container Release : 23.4
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/bci-micro was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:33:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:33:14 +0100 (CET)
Subject: SUSE-CU-2023:3723-1: Security update of bci/bci-minimal
Message-ID: <20231117123314.A09CDFBAC@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3723-1
Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.24.13
Container Release : 24.13
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/bci-minimal was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.4.0-23.4 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:33:50 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:33:50 +0100 (CET) Subject: SUSE-CU-2023:3724-1: Security update of bci/nodejs Message-ID: <20231117123350.D2BD5FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3724-1 Container Tags : bci/node:16 , bci/node:16-18.21 , bci/nodejs:16 , bci/nodejs:16-18.21 Container Release : 18.21 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. 
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.
  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-27.14.118 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:34:57 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:34:57 +0100 (CET)
Subject: SUSE-CU-2023:3725-1: Security update of suse/pcp
Message-ID: <20231117123457.D1056F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3725-1
Container Tags : suse/pcp:5 , suse/pcp:5-17.185 , suse/pcp:5.2 , suse/pcp:5.2-17.185 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.185
Container Release : 17.185
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone.
  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:bci-bci-init-15.4-15.4-30.25 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:35:15 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:35:15 +0100 (CET)
Subject: SUSE-CU-2023:3726-1: Security update of suse/postgres
Message-ID: <20231117123515.9C406FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3726-1
Container Tags : suse/postgres:14 , suse/postgres:14-24.9 , suse/postgres:14.9 , suse/postgres:14.9-24.9
Container Release : 24.9
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.
  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-27.14.118 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:36:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:36:06 +0100 (CET)
Subject: SUSE-CU-2023:3727-1: Security update of bci/python
Message-ID: <20231117123606.C3EA6FD1F@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3727-1
Container Tags : bci/python:3 , bci/python:3-16.23 , bci/python:3.10 , bci/python:3.10-16.23
Container Release : 16.23
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:sles15-image-15.0.0-27.14.118 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:36:47 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:36:47 +0100 (CET)
Subject: SUSE-CU-2023:3728-1: Security update of suse/sle15
Message-ID: <20231117123647.CECF0F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3728-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.118 , suse/sle15:15.4 , suse/sle15:15.4.27.14.118
Container Release : 27.14.118
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:37:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:37:04 +0100 (CET)
Subject: SUSE-CU-2023:3729-1: Security update of suse/389-ds
Message-ID: <20231117123704.9D9F8F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3729-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.40 , suse/389-ds:latest
Container Release : 16.40
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone.
  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:37:22 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:37:22 +0100 (CET)
Subject: SUSE-CU-2023:3730-1: Security update of bci/dotnet-aspnet
Message-ID: <20231117123722.94447F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3730-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.11 , bci/dotnet-aspnet:6.0.24 , bci/dotnet-aspnet:6.0.24-17.11
Container Release : 17.11
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.
  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:37:42 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:37:42 +0100 (CET)
Subject: SUSE-CU-2023:3731-1: Security update of bci/dotnet-aspnet
Message-ID: <20231117123742.658F4F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3731-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-17.11 , bci/dotnet-aspnet:7.0.13 , bci/dotnet-aspnet:7.0.13-17.11 , bci/dotnet-aspnet:latest
Container Release : 17.11
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:38:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:38:05 +0100 (CET)
Subject: SUSE-CU-2023:3732-1: Security update of bci/dotnet-sdk
Message-ID: <20231117123805.404B6F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3732-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-16.11 , bci/dotnet-sdk:6.0.24 , bci/dotnet-sdk:6.0.24-16.11
Container Release : 16.11
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:38:29 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:38:29 +0100 (CET)
Subject: SUSE-CU-2023:3733-1: Security update of bci/dotnet-sdk
Message-ID: <20231117123829.86E6EFBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3733-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-18.10 , bci/dotnet-sdk:7.0.13 , bci/dotnet-sdk:7.0.13-18.10 , bci/dotnet-sdk:latest
Container Release : 18.10
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:38:50 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:38:50 +0100 (CET)
Subject: SUSE-CU-2023:3734-1: Security update of bci/dotnet-runtime
Message-ID: <20231117123850.A0130FBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3734-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-18.11 , bci/dotnet-runtime:7.0.13 , bci/dotnet-runtime:7.0.13-18.11 , bci/dotnet-runtime:latest
Container Release : 18.11
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:38:57 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:38:57 +0100 (CET)
Subject: SUSE-CU-2023:3735-1: Security update of suse/git
Message-ID: <20231117123857.56424FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3735-1
Container Tags : suse/git:2.35 , suse/git:2.35-4.14 , suse/git:latest
Container Release : 4.14
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/git was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:micro-image-15.5.0-12.4 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:39:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:39:12 +0100 (CET)
Subject: SUSE-CU-2023:3736-1: Security update of bci/golang
Message-ID: <20231117123912.6CD34FBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3736-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.41 , bci/golang:oldstable , bci/golang:oldstable-2.4.41
Container Release : 4.41
Severity : important
Type : security
References : 1206346 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 1216943 1216944 CVE-2023-4039 CVE-2023-45283 CVE-2023-45284
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4470-1
Released: Thu Nov 16 19:00:15 2023
Summary: Security update for go1.20
Type: security
Severity: moderate
References: 1206346,1216943,1216944,CVE-2023-45283,CVE-2023-45284

This update for go1.20 fixes the following issues:

go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- go1.20-doc-1.20.11-150000.1.32.1 updated
- libatomic1-13.2.1+git7813-150000.1.6.1 updated
- libgomp1-13.2.1+git7813-150000.1.6.1 updated
- libitm1-13.2.1+git7813-150000.1.6.1 updated
- liblsan0-13.2.1+git7813-150000.1.6.1 updated
- go1.20-1.20.11-150000.1.32.1 updated
- go1.20-race-1.20.11-150000.1.32.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:39:21 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:39:21 +0100 (CET)
Subject: SUSE-CU-2023:3737-1: Security update of bci/golang
Message-ID: <20231117123921.5F07FFBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3737-1
Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.40 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.40
Container Release : 7.40
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:39:39 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:39 +0100 (CET) Subject: SUSE-CU-2023:3738-1: Security update of bci/golang Message-ID: <20231117123939.C3C85FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3738-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.39 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.39 Container Release : 4.39 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1212475 1213915 1214052 1214460 1215427 1216664 1216943 1216944 CVE-2023-4039 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone.
[bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4471-1 Released: Thu Nov 16 19:00:52 2023 Summary: Security update for go1.21 Type: security Severity: moderate References: 1212475,1216943,1216944,CVE-2023-45283,CVE-2023-45284 This update for go1.21 fixes the following issues: go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - go1.21-doc-1.21.4-150000.1.15.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - go1.21-1.21.4-150000.1.15.1 updated - go1.21-race-1.21.4-150000.1.15.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:39:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:47 +0100 (CET) Subject: SUSE-CU-2023:3739-1: Security update of bci/golang Message-ID: <20231117123947.C4F98FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3739-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.36 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.36 Container Release : 7.36 Severity : important Type : security References : 1206346 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1215985 1216109 1216664 1216943 1216944 CVE-2023-39323 CVE-2023-39325 CVE-2023-4039 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4472-1 Released: Thu Nov 16 19:01:27 2023 Summary: Security update for go1.20-openssl Type: security Severity: important References: 1206346,1215985,1216109,1216943,1216944,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487,CVE-2023-45283,CVE-2023-45284 This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. * Update to go1.20.11 go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. 
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips. * Update to go1.20.10 go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. * security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109) go1.20.9 (released 2023-10-05) includes one security fix to the cmd/go package, as well as bug fixes to the go command and the linker. * security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985) * cmd/link: issues with Apple's new linker in Xcode 15 beta The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - go1.20-openssl-doc-1.20.11.1-150000.1.14.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - go1.20-openssl-1.20.11.1-150000.1.14.1 updated - go1.20-openssl-race-1.20.11.1-150000.1.14.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:39:54 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:39:54 +0100 (CET) Subject: SUSE-CU-2023:3740-1: Security update of suse/helm Message-ID: <20231117123954.1CA5BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3740-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.13 ,
suse/helm:latest Container Release : 3.13 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross.
[bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:42:03 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:03 +0100 (CET) Subject: SUSE-CU-2023:3740-1: Security update of suse/helm Message-ID: <20231117124203.632B2F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3740-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.13 , suse/helm:latest Container Release : 3.13 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:micro-image-15.5.0-12.4 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:42:16 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:16 +0100 (CET) Subject: SUSE-CU-2023:3741-1: Security update of bci/bci-init Message-ID: <20231117124216.6C8B9F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3741-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.33 , bci/bci-init:latest Container Release : 10.33 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone.
[bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:42:21 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:42:21 +0100 (CET) Subject: SUSE-CU-2023:3742-1: Security update of bci/bci-micro Message-ID: <20231117124221.69FBEF3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3742-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.12.4 , bci/bci-micro:latest Container Release : 12.4 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:42:27 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:42:27 +0100 (CET)
Subject: SUSE-CU-2023:3743-1: Security update of bci/bci-minimal
Message-ID: <20231117124227.81257FD1F@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3743-1
Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.12 , bci/bci-minimal:latest
Container Release : 13.12
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/bci-minimal was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone.
  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:micro-image-15.5.0-12.4 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:42:37 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:42:37 +0100 (CET)
Subject: SUSE-CU-2023:3744-1: Security update of suse/nginx
Message-ID: <20231117124237.70286FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3744-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.33 , suse/nginx:latest
Container Release : 5.33
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.
  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:42:53 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:42:53 +0100 (CET)
Subject: SUSE-CU-2023:3745-1: Security update of bci/nodejs
Message-ID: <20231117124253.BDD7DF3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3745-1
Container Tags : bci/node:18 , bci/node:18-11.35 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.35 , bci/nodejs:latest
Container Release : 11.35
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone.
  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:43:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:43:12 +0100 (CET)
Subject: SUSE-CU-2023:3746-1: Security update of bci/openjdk-devel
Message-ID: <20231117124312.94A7FF3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3746-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.75
Container Release : 10.75
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:bci-openjdk-11-15.5.11-11.36 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:43:26 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:43:26 +0100 (CET)
Subject: SUSE-CU-2023:3747-1: Security update of bci/openjdk
Message-ID: <20231117124326.EDD9EF3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3747-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-11.36
Container Release : 11.36
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:43:43 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:43:43 +0100 (CET)
Subject: SUSE-CU-2023:3748-1: Security update of bci/openjdk-devel
Message-ID: <20231117124343.C1B54F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3748-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.69 , bci/openjdk-devel:latest
Container Release : 12.69
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:bci-openjdk-17-15.5.17-12.34 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:43:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:43:59 +0100 (CET)
Subject: SUSE-CU-2023:3749-1: Security update of bci/openjdk
Message-ID: <20231117124359.A157AF3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3749-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.34 , bci/openjdk:latest
Container Release : 12.34
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:44:15 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:44:15 +0100 (CET)
Subject: SUSE-CU-2023:3750-1: Security update of suse/pcp
Message-ID: <20231117124415.D3F00F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3750-1
Container Tags : suse/pcp:5 , suse/pcp:5-15.58 , suse/pcp:5.2 , suse/pcp:5.2-15.58 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.58 , suse/pcp:latest
Container Release : 15.58
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone.
  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:bci-bci-init-15.5-15.5-10.33 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:44:29 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:44:29 +0100 (CET)
Subject: SUSE-CU-2023:3751-1: Security update of bci/php-apache
Message-ID: <20231117124429.5C7E8FD1F@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3751-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-8.32
Container Release : 8.32
Severity : important
Type : security
References : 1206480 1206684 1207399 1209998 1210557 1211427 1212101 1213915 1214052 1214357 1214460 1215427 1216424 1216664 CVE-2023-31122 CVE-2023-4039
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4430-1
Released: Mon Nov 13 17:55:09 2023
Summary: Security update for apache2
Type: security
Severity: important
References: 1207399,1214357,1216424,CVE-2023-31122

This update for apache2 fixes the following issues:

- CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

- Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
- Fixed a floating point exception crash (bsc#1207399).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations.
  (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- apache2-utils-2.4.51-150400.6.14.1 updated
- apache2-2.4.51-150400.6.14.1 updated
- apache2-prefork-2.4.51-150400.6.14.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:44:44 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:44:44 +0100 (CET)
Subject: SUSE-CU-2023:3752-1: Security update of bci/php-fpm
Message-ID: <20231117124444.2F8C5F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3752-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.34
Container Release : 8.34
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/php-fpm was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:44:56 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:44:56 +0100 (CET)
Subject: SUSE-CU-2023:3753-1: Security update of bci/php
Message-ID: <20231117124456.6C956F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3753-1
Container Tags : bci/php:8 , bci/php:8-8.30
Container Release : 8.30
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/php was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:45:08 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:45:08 +0100 (CET)
Subject: SUSE-CU-2023:3754-1: Security update of suse/postgres
Message-ID: <20231117124508.B58D9FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3754-1
Container Tags : suse/postgres:15 , suse/postgres:15-12.11 , suse/postgres:15.4 , suse/postgres:15.4-12.11 , suse/postgres:latest
Container Release : 12.11
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone.
  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Fri Nov 17 12:45:23 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Nov 2023 13:45:23 +0100 (CET)
Subject: SUSE-CU-2023:3755-1: Security update of bci/python
Message-ID: <20231117124523.1F9C8FBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3755-1
Container Tags : bci/python:3 , bci/python:3-12.27 , bci/python:3.11 , bci/python:3.11-12.27 , bci/python:latest
Container Release : 12.27
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:45:39 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:45:39 +0100 (CET) Subject: SUSE-CU-2023:3756-1: Security update of bci/python Message-ID: <20231117124539.42E22F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3756-1 Container Tags : bci/python:3 , bci/python:3-14.27 , bci/python:3.6 , bci/python:3.6-14.27 Container Release : 14.27 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. 
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:45:49 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:45:49 +0100 (CET) Subject: SUSE-CU-2023:3757-1: Security update of bci/ruby Message-ID: <20231117124549.F0B2EFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3757-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.31 , bci/ruby:2.5 , bci/ruby:2.5-12.31 , bci/ruby:latest Container Release : 12.31 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. 
[bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. 
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:46:05 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:46:05 +0100 (CET) Subject: SUSE-CU-2023:3758-1: Security update of bci/rust Message-ID: <20231117124605.47E4BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3758-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.23 , bci/rust:oldstable , bci/rust:oldstable-2.2.23 Container Release : 2.23 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. 
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. 
Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libasan8-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - libtsan2-13.2.1+git7813-150000.1.6.1 updated - libubsan1-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:46:19 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:46:19 +0100 (CET) Subject: SUSE-CU-2023:3759-1: Security update of bci/rust Message-ID: <20231117124619.90231FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3759-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-1.2.22 , bci/rust:latest , bci/rust:stable , 
bci/rust:stable-1.2.22 Container Release : 2.22 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. 
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. 
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libasan8-13.2.1+git7813-150000.1.6.1 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - libtsan2-13.2.1+git7813-150000.1.6.1 updated - libubsan1-13.2.1+git7813-150000.1.6.1 updated - container:sles15-image-15.0.0-36.5.54 updated From sle-security-updates at lists.suse.com Fri Nov 17 12:46:31 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 13:46:31 +0100 (CET) Subject: SUSE-CU-2023:3760-1: Security update of suse/sle15 Message-ID: <20231117124631.8B482FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3760-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.54 , suse/sle15:15.5 , suse/sle15:15.5.36.5.54 Container Release : 36.5.54 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. 
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-security-updates at lists.suse.com Fri Nov 17 13:01:34 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Nov 2023 14:01:34 +0100 (CET) Subject: SUSE-CU-2023:3760-1: Security update of suse/sle15 Message-ID: <20231117130134.2605CFD1F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3760-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.54 , suse/sle15:15.5 , suse/sle15:15.5.36.5.54 Container Release : 36.5.54 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. 
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated From sle-security-updates at lists.suse.com Sat Nov 18 08:02:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 18 Nov 2023 09:02:47 +0100 (CET) Subject: SUSE-CU-2023:3762-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231118080247.F2777FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3762-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.255 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.255 Severity : important Type : security References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-27.14.118 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:03:42 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:03:42 +0100 (CET)
Subject: SUSE-CU-2023:3764-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20231118080342.5577CFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3764-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.152 , suse/sle-micro/5.4/toolbox:latest
Container Release : 4.2.152
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-27.14.118 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:03:51 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:03:51 +0100 (CET)
Subject: SUSE-CU-2023:3765-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20231118080351.CDF87FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3765-1
Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.97 , suse/sle-micro/5.5/toolbox:latest
Container Release : 2.2.97
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:04:24 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:04:24 +0100 (CET)
Subject: SUSE-CU-2023:3766-1: Security update of suse/registry
Message-ID: <20231118080424.3064CFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3766-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-15.16 , suse/registry:latest
Container Release : 15.16
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/registry was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:micro-image-15.5.0-12.4 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:04:34 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:04:34 +0100 (CET)
Subject: SUSE-CU-2023:3767-1: Security update of bci/dotnet-runtime
Message-ID: <20231118080434.810C1FBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3767-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.10 , bci/dotnet-runtime:6.0.24 , bci/dotnet-runtime:6.0.24-16.10
Container Release : 16.10
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- container:sles15-image-15.0.0-36.5.54 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:04:43 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:04:43 +0100 (CET)
Subject: SUSE-CU-2023:3768-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20231118080443.A8D26FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3768-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.7 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.7
Container Release : 9.40.7
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:04:48 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:04:48 +0100 (CET)
Subject: SUSE-CU-2023:3769-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20231118080448.C06D6FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3769-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.7 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.7
Container Release : 9.30.7
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:04:55 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:04:55 +0100 (CET)
Subject: SUSE-CU-2023:3770-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20231118080455.34534F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3770-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.5 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.5
Container Release : 9.39.5
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-squid was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:05:00 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:05:00 +0100 (CET)
Subject: SUSE-CU-2023:3771-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20231118080500.88E74FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3771-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.5 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.5
Container Release : 9.30.5
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-ssh was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:05:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:05:06 +0100 (CET)
Subject: SUSE-CU-2023:3772-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20231118080506.43157FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3772-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.6 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.6
Container Release : 9.30.6
Severity : important
Type : security
References : 1206480 1206684 1209998 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216664 CVE-2023-4039
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-tftpd was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998
This update for crypto-policies fixes the following issues:
- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated

From sle-security-updates at lists.suse.com Sat Nov 18 08:05:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 18 Nov 2023 09:05:31 +0100 (CET)
Subject: SUSE-CU-2023:3773-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20231118080531.5C54FF3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3773-1
Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.315 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.315
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322
-----------------------------------------------------------------
The container suse/sle-micro/5.2/toolbox was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
The following package changes have been done:
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated
- container:sles15-image-15.0.0-17.20.212 updated

From sle-security-updates at lists.suse.com Sun Nov 19 08:04:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 19 Nov 2023 09:04:20 +0100 (CET)
Subject: SUSE-CU-2023:3774-1: Security update of suse/sle15
Message-ID: <20231119080420.3CF91FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3774-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.843
Container Release : 6.2.843
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322
-----------------------------------------------------------------
The container suse/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
The following package changes have been done:
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated

From sle-security-updates at lists.suse.com Sun Nov 19 08:06:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 19 Nov 2023 09:06:06 +0100 (CET)
Subject: SUSE-CU-2023:3775-1: Security update of suse/sle15
Message-ID: <20231119080606.267EEFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3775-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.370
Container Release : 9.5.370
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322
-----------------------------------------------------------------
The container suse/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated


From sle-security-updates at lists.suse.com Sun Nov 19 08:06:54 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 19 Nov 2023 09:06:54 +0100 (CET)
Subject: SUSE-CU-2023:3776-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20231119080654.81542FBAC@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3776-1
Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.493 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.493
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated
- container:sles15-image-15.0.0-17.20.212 updated


From sle-security-updates at lists.suse.com Mon Nov 20 12:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 12:30:06 -0000
Subject: SUSE-SU-2023:4480-1: important: Security update for gcc13
Message-ID: <170048340628.18127.17152205380047604251@smelt2.prg2.suse.org>

# Security update for gcc13

Announcement ID: SUSE-SU-2023:4480-1
Rating: important
References:

  * bsc#1206480
  * bsc#1206684
  * bsc#1210557
  * bsc#1211427
  * bsc#1212101
  * bsc#1213915
  * bsc#1214052
  * bsc#1214460
  * bsc#1215427
  * bsc#1216664
  * jsc#PED-153
  * jsc#PED-2005
  * jsc#PED-252
  * jsc#PED-253
  * jsc#PED-6584

Cross-References:

  * CVE-2023-4039

CVSS scores:

  * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * Toolchain Module 12

An update that solves one vulnerability, contains five features and has nine security fixes can now be installed.

## Description:

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

  * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages.
  * override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

  * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
  * Work around third party app crash during C++ standard library initialization. [bsc#1216664]
  * Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
  * Bump included newlib to version 4.3.0.
  * Update to GCC trunk head (r13-5254-g05b9868b182bb9)
  * Redo floatn fixinclude pick-up to simply keep what is there.
  * Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
  * Also handle -static-pie in the default-PIE specs
  * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
  * Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
  * Add new x86-related intrinsics (amxcomplexintrin.h).
  * RISC-V: Add support for inlining subword atomic operations
  * Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
  * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
  * Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
  * Bump included newlib to version 4.3.0.
  * Also package libhwasan_preinit.o on aarch64.
  * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
  * Package libhwasan_preinit.o on x86_64.
  * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
  * Enable PRU flavour for gcc13
  * update floatn fixinclude pickup to check each header separately (bsc#1206480)
  * Redo floatn fixinclude pick-up to simply keep what is there.
  * Bump libgo SONAME to libgo22.
  * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
  * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
  * Depend on at least LLVM 13 for GCN cross compiler.
  * Update embedded newlib to version 4.2.0
  * Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Toolchain Module 12
    zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-4480=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4480=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4480=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4480=1

## Package List:

  * Toolchain Module 12 (aarch64 ppc64le s390x x86_64)
    * gcc13-PIE-13.2.1+git7813-1.10.1
    * gcc13-locale-13.2.1+git7813-1.10.1
    * gcc13-13.2.1+git7813-1.10.1
    * gcc13-fortran-13.2.1+git7813-1.10.1
    * gcc13-debuginfo-13.2.1+git7813-1.10.1
    * gcc13-c++-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-devel-gcc13-13.2.1+git7813-1.10.1
    * cpp13-debuginfo-13.2.1+git7813-1.10.1
    * gcc13-fortran-debuginfo-13.2.1+git7813-1.10.1
    * gcc13-c++-13.2.1+git7813-1.10.1
    * gcc13-debugsource-13.2.1+git7813-1.10.1
    * cpp13-13.2.1+git7813-1.10.1
  * Toolchain Module 12 (noarch)
    * gcc13-info-13.2.1+git7813-1.10.1
  * Toolchain Module 12 (s390x x86_64)
    * gcc13-c++-32bit-13.2.1+git7813-1.10.1
    * gcc13-32bit-13.2.1+git7813-1.10.1
    * gcc13-fortran-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-1.10.1
  * Toolchain Module 12 (x86_64)
    * cross-nvptx-newlib13-devel-13.2.1+git7813-1.10.1
    * cross-nvptx-gcc13-13.2.1+git7813-1.10.1
    * cross-nvptx-gcc13-debugsource-13.2.1+git7813-1.10.1
    * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libstdc++6-pp-13.2.1+git7813-1.10.1
    * libatomic1-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-debuginfo-13.2.1+git7813-1.10.1
    * libgfortran5-13.2.1+git7813-1.10.1
    * libobjc4-13.2.1+git7813-1.10.1
    * liblsan0-debuginfo-13.2.1+git7813-1.10.1
    * libtsan2-13.2.1+git7813-1.10.1
    * libasan8-13.2.1+git7813-1.10.1
    * liblsan0-13.2.1+git7813-1.10.1
    * libhwasan0-debuginfo-13.2.1+git7813-1.10.1
    * libobjc4-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-13.2.1+git7813-1.10.1
    * libasan8-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-13.2.1+git7813-1.10.1
    * libgomp1-debuginfo-13.2.1+git7813-1.10.1
    * libgomp1-13.2.1+git7813-1.10.1
    * libatomic1-13.2.1+git7813-1.10.1
    * libhwasan0-13.2.1+git7813-1.10.1
    * libgfortran5-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-13.2.1+git7813-1.10.1
    * libgcc_s1-13.2.1+git7813-1.10.1
    * libgcc_s1-debuginfo-13.2.1+git7813-1.10.1
    * libtsan2-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-locale-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-32bit-13.2.1+git7813-1.10.1
    * libgomp1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libasan8-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libquadmath0-13.2.1+git7813-1.10.1
    * libquadmath0-32bit-13.2.1+git7813-1.10.1
    * libasan8-32bit-13.2.1+git7813-1.10.1
    * libatomic1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libatomic1-32bit-13.2.1+git7813-1.10.1
    * libobjc4-32bit-13.2.1+git7813-1.10.1
    * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libobjc4-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-pp-32bit-13.2.1+git7813-1.10.1
    * libgcc_s1-32bit-13.2.1+git7813-1.10.1
    * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libgfortran5-32bit-13.2.1+git7813-1.10.1
    * libgomp1-32bit-13.2.1+git7813-1.10.1
    * libquadmath0-debuginfo-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libstdc++6-pp-13.2.1+git7813-1.10.1
    * libatomic1-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-debuginfo-13.2.1+git7813-1.10.1
    * libgfortran5-13.2.1+git7813-1.10.1
    * libobjc4-13.2.1+git7813-1.10.1
    * liblsan0-debuginfo-13.2.1+git7813-1.10.1
    * libtsan2-13.2.1+git7813-1.10.1
    * libasan8-13.2.1+git7813-1.10.1
    * liblsan0-13.2.1+git7813-1.10.1
    * libobjc4-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-13.2.1+git7813-1.10.1
    * libasan8-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-13.2.1+git7813-1.10.1
    * libgomp1-debuginfo-13.2.1+git7813-1.10.1
    * libgomp1-13.2.1+git7813-1.10.1
    * libatomic1-13.2.1+git7813-1.10.1
    * libgfortran5-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-13.2.1+git7813-1.10.1
    * libgcc_s1-13.2.1+git7813-1.10.1
    * libgcc_s1-debuginfo-13.2.1+git7813-1.10.1
    * libtsan2-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-locale-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64)
    * libhwasan0-debuginfo-13.2.1+git7813-1.10.1
    * libhwasan0-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64)
    * libquadmath0-13.2.1+git7813-1.10.1
    * libquadmath0-debuginfo-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libatomic1-32bit-13.2.1+git7813-1.10.1
    * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-32bit-13.2.1+git7813-1.10.1
    * libasan8-32bit-13.2.1+git7813-1.10.1
    * libgfortran5-32bit-13.2.1+git7813-1.10.1
    * libitm1-32bit-13.2.1+git7813-1.10.1
    * libgomp1-32bit-13.2.1+git7813-1.10.1
    * libatomic1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libgomp1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libobjc4-32bit-13.2.1+git7813-1.10.1
    * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libobjc4-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-pp-32bit-13.2.1+git7813-1.10.1
    * libubsan1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libasan8-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libgcc_s1-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libquadmath0-32bit-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libstdc++6-pp-13.2.1+git7813-1.10.1
    * libatomic1-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-debuginfo-13.2.1+git7813-1.10.1
    * libgfortran5-13.2.1+git7813-1.10.1
    * libobjc4-13.2.1+git7813-1.10.1
    * liblsan0-debuginfo-13.2.1+git7813-1.10.1
    * libquadmath0-13.2.1+git7813-1.10.1
    * libtsan2-13.2.1+git7813-1.10.1
    * libasan8-13.2.1+git7813-1.10.1
    * liblsan0-13.2.1+git7813-1.10.1
    * libobjc4-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-13.2.1+git7813-1.10.1
    * libasan8-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-13.2.1+git7813-1.10.1
    * libgomp1-debuginfo-13.2.1+git7813-1.10.1
    * libgomp1-13.2.1+git7813-1.10.1
    * libatomic1-13.2.1+git7813-1.10.1
    * libgfortran5-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-13.2.1+git7813-1.10.1
    * libgcc_s1-13.2.1+git7813-1.10.1
    * libgcc_s1-debuginfo-13.2.1+git7813-1.10.1
    * libquadmath0-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-debuginfo-13.2.1+git7813-1.10.1
    * libtsan2-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-locale-13.2.1+git7813-1.10.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libstdc++6-32bit-13.2.1+git7813-1.10.1
    * libgomp1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libasan8-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libquadmath0-32bit-13.2.1+git7813-1.10.1
    * libasan8-32bit-13.2.1+git7813-1.10.1
    * libatomic1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libhwasan0-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libitm1-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libatomic1-32bit-13.2.1+git7813-1.10.1
    * libobjc4-32bit-13.2.1+git7813-1.10.1
    * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libobjc4-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libubsan1-32bit-13.2.1+git7813-1.10.1
    * libstdc++6-pp-32bit-13.2.1+git7813-1.10.1
    * libgcc_s1-32bit-13.2.1+git7813-1.10.1
    * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.10.1
    * libgfortran5-32bit-13.2.1+git7813-1.10.1
    * libgomp1-32bit-13.2.1+git7813-1.10.1
    * libhwasan0-13.2.1+git7813-1.10.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-4039.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206480
  * https://bugzilla.suse.com/show_bug.cgi?id=1206684
  * https://bugzilla.suse.com/show_bug.cgi?id=1210557
  * https://bugzilla.suse.com/show_bug.cgi?id=1211427
  * https://bugzilla.suse.com/show_bug.cgi?id=1212101
  * https://bugzilla.suse.com/show_bug.cgi?id=1213915
  * https://bugzilla.suse.com/show_bug.cgi?id=1214052
  * https://bugzilla.suse.com/show_bug.cgi?id=1214460
  * https://bugzilla.suse.com/show_bug.cgi?id=1215427
  * https://bugzilla.suse.com/show_bug.cgi?id=1216664
  * https://jira.suse.com/browse/PED-153
  * https://jira.suse.com/browse/PED-2005
  * https://jira.suse.com/browse/PED-252
  * https://jira.suse.com/browse/PED-253
  * https://jira.suse.com/browse/PED-6584

From sle-security-updates at lists.suse.com Mon Nov 20 12:30:08 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 12:30:08 -0000
Subject: SUSE-SU-2023:4479-1: important: Security update for postgresql14
Message-ID: <170048340871.18127.7665222911615270467@smelt2.prg2.suse.org>

# Security update for postgresql14

Announcement ID: SUSE-SU-2023:4479-1
Rating: important
References:

  * bsc#1216022
  * bsc#1216734
  * bsc#1216960
  * bsc#1216961
  * bsc#1216962

Cross-References:

  * CVE-2023-5868
  * CVE-2023-5869
  * CVE-2023-5870

CVSS scores:

  * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP4
  * Legacy Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Server Applications Module 15-SP4
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro 6.0
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4
  * SUSE Package Hub 15 15-SP5

An update that solves three vulnerabilities and has two security fixes can now be installed.

## Description:

This update for postgresql14 fixes the following issues:

Security issues fixed:

  * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
  * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
  * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)
  * update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html
  * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
  * Change the unix domain socket location from /var/run to /run.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4479=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-4479=1
  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-4479=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-4479=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4479=1
  * Legacy Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4479=1
  * SUSE Package Hub 15 15-SP4
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4479=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4479=1
  * Server Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4479=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4479=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4479=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4479=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4479=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4479=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4479=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-llvmjit-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-test-14.10-150200.5.36.1
    * postgresql14-llvmjit-devel-14.10-150200.5.36.1
    * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * openSUSE Leap 15.4 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-llvmjit-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-test-14.10-150200.5.36.1
    * postgresql14-llvmjit-devel-14.10-150200.5.36.1
    * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * openSUSE Leap 15.5 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
  * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * postgresql14-llvmjit-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-llvmjit-devel-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * Legacy Module 15-SP5 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
    * postgresql14-llvmjit-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-llvmjit-devel-14.10-150200.5.36.1
    * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1
    * postgresql14-test-14.10-150200.5.36.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * postgresql14-llvmjit-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-llvmjit-debuginfo-14.10-150200.5.36.1
    * postgresql14-test-14.10-150200.5.36.1
  * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * Server Applications Module 15-SP4 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * postgresql14-server-debuginfo-14.10-150200.5.36.1
    * postgresql14-plpython-14.10-150200.5.36.1
    * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1
    * postgresql14-debuginfo-14.10-150200.5.36.1
    * postgresql14-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-plperl-14.10-150200.5.36.1
    * postgresql14-debugsource-14.10-150200.5.36.1
    * postgresql14-devel-14.10-150200.5.36.1
    * postgresql14-pltcl-14.10-150200.5.36.1
    * postgresql14-plpython-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-debuginfo-14.10-150200.5.36.1
    * postgresql14-14.10-150200.5.36.1
    * postgresql14-server-devel-14.10-150200.5.36.1
    * postgresql14-plperl-debuginfo-14.10-150200.5.36.1
    * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1
    * postgresql14-contrib-14.10-150200.5.36.1
    * postgresql14-server-14.10-150200.5.36.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * postgresql14-docs-14.10-150200.5.36.1
  *
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * postgresql14-server-debuginfo-14.10-150200.5.36.1 * postgresql14-plpython-14.10-150200.5.36.1 * postgresql14-pltcl-debuginfo-14.10-150200.5.36.1 * postgresql14-debuginfo-14.10-150200.5.36.1 * postgresql14-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-plperl-14.10-150200.5.36.1 * postgresql14-debugsource-14.10-150200.5.36.1 * postgresql14-devel-14.10-150200.5.36.1 * postgresql14-pltcl-14.10-150200.5.36.1 * postgresql14-plpython-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-debuginfo-14.10-150200.5.36.1 * postgresql14-14.10-150200.5.36.1 * postgresql14-server-devel-14.10-150200.5.36.1 * postgresql14-plperl-debuginfo-14.10-150200.5.36.1 * postgresql14-server-devel-debuginfo-14.10-150200.5.36.1 * postgresql14-contrib-14.10-150200.5.36.1 * postgresql14-server-14.10-150200.5.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql14-docs-14.10-150200.5.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * https://www.suse.com/security/cve/CVE-2023-5869.html * https://www.suse.com/security/cve/CVE-2023-5870.html * https://bugzilla.suse.com/show_bug.cgi?id=1216022 * https://bugzilla.suse.com/show_bug.cgi?id=1216734 * https://bugzilla.suse.com/show_bug.cgi?id=1216960 * https://bugzilla.suse.com/show_bug.cgi?id=1216961 * https://bugzilla.suse.com/show_bug.cgi?id=1216962 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Mon Nov 20 16:30:04 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4490-1: moderate: Security update for python-Twisted Message-ID: <170049780433.29837.6629547518053736685@smelt2.prg2.suse.org> # Security update for python-Twisted Announcement ID: SUSE-SU-2023:4490-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for python-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4490=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-Twisted-debugsource-19.10.0-150200.3.21.1 * python-Twisted-debuginfo-19.10.0-150200.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Mon Nov 20 16:30:07 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Nov 2023 16:30:07 -0000 Subject: SUSE-SU-2023:4489-1: important: Security update for openssl Message-ID: <170049780771.29837.17042871901987516597@smelt2.prg2.suse.org> # Security update for openssl Announcement ID: SUSE-SU-2023:4489-1 Rating: important References: * bsc#1216922 Cross-References: * CVE-2023-5678 CVSS scores: * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5678 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4489=1
  * SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4489=1

## Package List:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
    * libopenssl0_9_8-32bit-0.9.8j-0.106.80.1
    * openssl-doc-0.9.8j-0.106.80.1
    * libopenssl0_9_8-hmac-0.9.8j-0.106.80.1
    * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.80.1
    * openssl-0.9.8j-0.106.80.1
    * libopenssl0_9_8-0.9.8j-0.106.80.1
  * SUSE Linux Enterprise Server 11 SP4 (x86_64)
    * libopenssl0_9_8-32bit-0.9.8j-0.106.80.1
    * openssl-doc-0.9.8j-0.106.80.1
    * libopenssl0_9_8-hmac-0.9.8j-0.106.80.1
    * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.80.1
    * openssl-0.9.8j-0.106.80.1
    * libopenssl0_9_8-0.9.8j-0.106.80.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-5678.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Mon Nov 20 16:30:10 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 16:30:10 -0000
Subject: SUSE-SU-2023:4488-1: important: Security update for openssl1
Message-ID: <170049781005.29837.478846360845011962@smelt2.prg2.suse.org>

# Security update for openssl1

Announcement ID: SUSE-SU-2023:4488-1
Rating: important
References:

  * bsc#1216922

Cross-References:

  * CVE-2023-5678

CVSS scores:

  * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-5678 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 11 SP4
  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves one vulnerability can now be installed.
## Description:

This update for openssl1 fixes the following issues:

  * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4488=1
  * SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4488=1

## Package List:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
    * libopenssl1_0_0-32bit-1.0.1g-0.58.76.1
    * openssl1-doc-1.0.1g-0.58.76.1
    * openssl1-1.0.1g-0.58.76.1
    * libopenssl1_0_0-1.0.1g-0.58.76.1
    * libopenssl1-devel-1.0.1g-0.58.76.1
  * SUSE Linux Enterprise Server 11 SP4 (x86_64)
    * libopenssl1_0_0-32bit-1.0.1g-0.58.76.1
    * openssl1-doc-1.0.1g-0.58.76.1
    * openssl1-1.0.1g-0.58.76.1
    * libopenssl1_0_0-1.0.1g-0.58.76.1
    * libopenssl1-devel-1.0.1g-0.58.76.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-5678.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Mon Nov 20 16:30:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 16:30:12 -0000
Subject: SUSE-SU-2023:4486-1: important: Security update for xen
Message-ID: <170049781257.29837.16268252321080490991@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2023:4486-1
Rating: important
References:

  * bsc#1216654
  * bsc#1216807

Cross-References:

  * CVE-2023-46835
  * CVE-2023-46836

CVSS scores:

  * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

  * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
  * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4486=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4486=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4486=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4486=1

## Package List:

  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64)
    * xen-devel-4.12.4_42-3.100.1
    * xen-debugsource-4.12.4_42-3.100.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * xen-4.12.4_42-3.100.1
    * xen-libs-debuginfo-4.12.4_42-3.100.1
    * xen-tools-4.12.4_42-3.100.1
    * xen-libs-debuginfo-32bit-4.12.4_42-3.100.1
    * xen-libs-32bit-4.12.4_42-3.100.1
    * xen-debugsource-4.12.4_42-3.100.1
    * xen-tools-domU-debuginfo-4.12.4_42-3.100.1
    * xen-doc-html-4.12.4_42-3.100.1
    * xen-libs-4.12.4_42-3.100.1
    * xen-tools-domU-4.12.4_42-3.100.1
    * xen-tools-debuginfo-4.12.4_42-3.100.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * xen-4.12.4_42-3.100.1
    * xen-libs-debuginfo-4.12.4_42-3.100.1
    * xen-tools-4.12.4_42-3.100.1
    * xen-libs-debuginfo-32bit-4.12.4_42-3.100.1
    * xen-libs-32bit-4.12.4_42-3.100.1
    * xen-debugsource-4.12.4_42-3.100.1
    * xen-tools-domU-debuginfo-4.12.4_42-3.100.1
    * xen-doc-html-4.12.4_42-3.100.1
    * xen-libs-4.12.4_42-3.100.1
    * xen-tools-domU-4.12.4_42-3.100.1
    * xen-tools-debuginfo-4.12.4_42-3.100.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * xen-4.12.4_42-3.100.1
    * xen-libs-debuginfo-4.12.4_42-3.100.1
    * xen-tools-4.12.4_42-3.100.1
    * xen-libs-debuginfo-32bit-4.12.4_42-3.100.1
    * xen-libs-32bit-4.12.4_42-3.100.1
    * xen-debugsource-4.12.4_42-3.100.1
    * xen-tools-domU-debuginfo-4.12.4_42-3.100.1
    * xen-doc-html-4.12.4_42-3.100.1
    * xen-libs-4.12.4_42-3.100.1
    * xen-tools-domU-4.12.4_42-3.100.1
    * xen-tools-debuginfo-4.12.4_42-3.100.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-46835.html
  * https://www.suse.com/security/cve/CVE-2023-46836.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216654
  * https://bugzilla.suse.com/show_bug.cgi?id=1216807

From sle-security-updates at lists.suse.com Mon Nov 20 16:30:15 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 16:30:15 -0000
Subject: SUSE-SU-2023:4485-1: important: Security update for xen
Message-ID: <170049781559.29837.10658654646760490051@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2023:4485-1
Rating: important
References:

  * bsc#1216654
  * bsc#1216807

Cross-References:

  * CVE-2023-46835
  * CVE-2023-46836

CVSS scores:

  * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

  * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
  * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool.
    It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4485=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4485=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4485=1

## Package List:

  * SUSE CaaS Platform 4.0 (x86_64)
    * xen-libs-4.12.4_42-150100.3.98.1
    * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1
    * xen-debugsource-4.12.4_42-150100.3.98.1
    * xen-4.12.4_42-150100.3.98.1
    * xen-tools-debuginfo-4.12.4_42-150100.3.98.1
    * xen-devel-4.12.4_42-150100.3.98.1
    * xen-tools-domU-4.12.4_42-150100.3.98.1
    * xen-libs-debuginfo-4.12.4_42-150100.3.98.1
    * xen-tools-4.12.4_42-150100.3.98.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
    * xen-libs-4.12.4_42-150100.3.98.1
    * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1
    * xen-debugsource-4.12.4_42-150100.3.98.1
    * xen-4.12.4_42-150100.3.98.1
    * xen-tools-debuginfo-4.12.4_42-150100.3.98.1
    * xen-devel-4.12.4_42-150100.3.98.1
    * xen-tools-domU-4.12.4_42-150100.3.98.1
    * xen-libs-debuginfo-4.12.4_42-150100.3.98.1
    * xen-tools-4.12.4_42-150100.3.98.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
    * xen-libs-4.12.4_42-150100.3.98.1
    * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1
    * xen-debugsource-4.12.4_42-150100.3.98.1
    * xen-4.12.4_42-150100.3.98.1
    * xen-tools-debuginfo-4.12.4_42-150100.3.98.1
    * xen-devel-4.12.4_42-150100.3.98.1
    * xen-tools-domU-4.12.4_42-150100.3.98.1
    * xen-libs-debuginfo-4.12.4_42-150100.3.98.1
    * xen-tools-4.12.4_42-150100.3.98.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
    * xen-libs-4.12.4_42-150100.3.98.1
    * xen-tools-domU-debuginfo-4.12.4_42-150100.3.98.1
    * xen-debugsource-4.12.4_42-150100.3.98.1
    * xen-4.12.4_42-150100.3.98.1
    * xen-tools-debuginfo-4.12.4_42-150100.3.98.1
    * xen-devel-4.12.4_42-150100.3.98.1
    * xen-tools-domU-4.12.4_42-150100.3.98.1
    * xen-libs-debuginfo-4.12.4_42-150100.3.98.1
    * xen-tools-4.12.4_42-150100.3.98.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-46835.html
  * https://www.suse.com/security/cve/CVE-2023-46836.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216654
  * https://bugzilla.suse.com/show_bug.cgi?id=1216807

From sle-security-updates at lists.suse.com Mon Nov 20 16:30:17 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 16:30:17 -0000
Subject: SUSE-SU-2023:4484-1: important: Security update for xen
Message-ID: <170049781791.29837.17655994067931562332@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2023:4484-1
Rating: important
References:

  * bsc#1216654
  * bsc#1216807

Cross-References:

  * CVE-2023-46835
  * CVE-2023-46836

CVSS scores:

  * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-46836 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

  * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
  * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4484=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4484=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4484=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
    * xen-debugsource-4.13.5_08-150200.3.83.1
    * xen-tools-domU-4.13.5_08-150200.3.83.1
    * xen-devel-4.13.5_08-150200.3.83.1
    * xen-tools-4.13.5_08-150200.3.83.1
    * xen-libs-4.13.5_08-150200.3.83.1
    * xen-libs-debuginfo-4.13.5_08-150200.3.83.1
    * xen-tools-domU-debuginfo-4.13.5_08-150200.3.83.1
    * xen-tools-debuginfo-4.13.5_08-150200.3.83.1
    * xen-4.13.5_08-150200.3.83.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * xen-tools-xendomains-wait-disk-4.13.5_08-150200.3.83.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
    * xen-debugsource-4.13.5_08-150200.3.83.1
    * xen-tools-domU-4.13.5_08-150200.3.83.1
    * xen-devel-4.13.5_08-150200.3.83.1
    * xen-tools-4.13.5_08-150200.3.83.1
    * xen-libs-4.13.5_08-150200.3.83.1
    * xen-libs-debuginfo-4.13.5_08-150200.3.83.1
    * xen-tools-domU-debuginfo-4.13.5_08-150200.3.83.1
    * xen-tools-debuginfo-4.13.5_08-150200.3.83.1
    * xen-4.13.5_08-150200.3.83.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * xen-tools-xendomains-wait-disk-4.13.5_08-150200.3.83.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
    * xen-debugsource-4.13.5_08-150200.3.83.1
    * xen-tools-domU-4.13.5_08-150200.3.83.1
    * xen-devel-4.13.5_08-150200.3.83.1
    * xen-tools-4.13.5_08-150200.3.83.1
    * xen-libs-4.13.5_08-150200.3.83.1
    * xen-libs-debuginfo-4.13.5_08-150200.3.83.1
    * xen-tools-domU-debuginfo-4.13.5_08-150200.3.83.1
    * xen-tools-debuginfo-4.13.5_08-150200.3.83.1
    * xen-4.13.5_08-150200.3.83.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * xen-tools-xendomains-wait-disk-4.13.5_08-150200.3.83.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-46835.html
  * https://www.suse.com/security/cve/CVE-2023-46836.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216654
  * https://bugzilla.suse.com/show_bug.cgi?id=1216807

From sle-security-updates at lists.suse.com Mon Nov 20 16:30:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 16:30:20 -0000
Subject: SUSE-SU-2023:4483-1: moderate: Security update for frr
Message-ID: <170049782051.29837.10637461616884101314@smelt2.prg2.suse.org>

# Security update for frr

Announcement ID: SUSE-SU-2023:4483-1
Rating: moderate
References:

  * bsc#1216626
  * bsc#1216627

Cross-References:

  * CVE-2023-46752
  * CVE-2023-46753

CVSS scores:

  * CVE-2023-46752 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-46752 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-46753 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-46753 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.3
  * openSUSE Leap 15.4
  * Server Applications Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for frr fixes the following issues:

  * CVE-2023-46752: Fixed denial of service caused by mishandling malformed MP_REACH_NLRI data (bsc#1216627).
  * CVE-2023-46753: Fixed denial of service caused by crafted BGP UPDATE messages (bsc#1216626).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-4483=1
  * Server Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4483=1
  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2023-4483=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * libfrr0-debuginfo-7.4-150300.4.20.1
    * libfrr0-7.4-150300.4.20.1
    * libmlag_pb0-7.4-150300.4.20.1
    * libfrrgrpc_pb0-7.4-150300.4.20.1
    * libfrrzmq0-debuginfo-7.4-150300.4.20.1
    * libfrrsnmp0-debuginfo-7.4-150300.4.20.1
    * frr-devel-7.4-150300.4.20.1
    * libfrr_pb0-7.4-150300.4.20.1
    * libfrrzmq0-7.4-150300.4.20.1
    * frr-7.4-150300.4.20.1
    * libfrrospfapiclient0-debuginfo-7.4-150300.4.20.1
    * libfrrfpm_pb0-7.4-150300.4.20.1
    * libfrrsnmp0-7.4-150300.4.20.1
    * libfrrcares0-debuginfo-7.4-150300.4.20.1
    * libfrrcares0-7.4-150300.4.20.1
    * libmlag_pb0-debuginfo-7.4-150300.4.20.1
    * libfrrgrpc_pb0-debuginfo-7.4-150300.4.20.1
    * libfrrospfapiclient0-7.4-150300.4.20.1
    * libfrrfpm_pb0-debuginfo-7.4-150300.4.20.1
    * frr-debuginfo-7.4-150300.4.20.1
    * libfrr_pb0-debuginfo-7.4-150300.4.20.1
    * frr-debugsource-7.4-150300.4.20.1
  * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libfrr0-debuginfo-7.4-150300.4.20.1
    * libfrr0-7.4-150300.4.20.1
    * libmlag_pb0-7.4-150300.4.20.1
    * libfrrgrpc_pb0-7.4-150300.4.20.1
    * libfrrzmq0-debuginfo-7.4-150300.4.20.1
    * libfrrsnmp0-debuginfo-7.4-150300.4.20.1
    * frr-devel-7.4-150300.4.20.1
    * libfrr_pb0-7.4-150300.4.20.1
    * libfrrzmq0-7.4-150300.4.20.1
    * frr-7.4-150300.4.20.1
    * libfrrospfapiclient0-debuginfo-7.4-150300.4.20.1
    * libfrrfpm_pb0-7.4-150300.4.20.1
    * libfrrsnmp0-7.4-150300.4.20.1
    * libfrrcares0-debuginfo-7.4-150300.4.20.1
    * libfrrcares0-7.4-150300.4.20.1
    * libmlag_pb0-debuginfo-7.4-150300.4.20.1
    * libfrrgrpc_pb0-debuginfo-7.4-150300.4.20.1
    * libfrrospfapiclient0-7.4-150300.4.20.1
    * libfrrfpm_pb0-debuginfo-7.4-150300.4.20.1
    * frr-debuginfo-7.4-150300.4.20.1
    * libfrr_pb0-debuginfo-7.4-150300.4.20.1
    * frr-debugsource-7.4-150300.4.20.1
  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * libfrr0-debuginfo-7.4-150300.4.20.1
    * libfrr0-7.4-150300.4.20.1
    * libmlag_pb0-7.4-150300.4.20.1
    * libfrrgrpc_pb0-7.4-150300.4.20.1
    * libfrrzmq0-debuginfo-7.4-150300.4.20.1
    * libfrrsnmp0-debuginfo-7.4-150300.4.20.1
    * frr-devel-7.4-150300.4.20.1
    * libfrr_pb0-7.4-150300.4.20.1
    * libfrrzmq0-7.4-150300.4.20.1
    * frr-7.4-150300.4.20.1
    * libfrrospfapiclient0-debuginfo-7.4-150300.4.20.1
    * libfrrfpm_pb0-7.4-150300.4.20.1
    * libfrrsnmp0-7.4-150300.4.20.1
    * libfrrcares0-debuginfo-7.4-150300.4.20.1
    * libfrrcares0-7.4-150300.4.20.1
    * libmlag_pb0-debuginfo-7.4-150300.4.20.1
    * libfrrgrpc_pb0-debuginfo-7.4-150300.4.20.1
    * libfrrospfapiclient0-7.4-150300.4.20.1
    * libfrrfpm_pb0-debuginfo-7.4-150300.4.20.1
    * frr-debuginfo-7.4-150300.4.20.1
    * libfrr_pb0-debuginfo-7.4-150300.4.20.1
    * frr-debugsource-7.4-150300.4.20.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-46752.html
  * https://www.suse.com/security/cve/CVE-2023-46753.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216626
  * https://bugzilla.suse.com/show_bug.cgi?id=1216627

From sle-security-updates at lists.suse.com Mon Nov 20 20:30:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Nov 2023 20:30:02 -0000
Subject: SUSE-SU-2023:4492-1: important: Security update for nghttp2
Message-ID: <170051220295.16280.6490221522719226673@smelt2.prg2.suse.org>

# Security update for nghttp2

Announcement ID: SUSE-SU-2023:4492-1
Rating: important
References:

  * bsc#1216123
  * bsc#1216174

Cross-References:

  * CVE-2023-44487

CVSS scores:

  * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for nghttp2 fixes the following issues:

  * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4492=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool.
    It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4492=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4492=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio-devel-1.40.0-150000.3.17.1
    * nghttp2-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio1-1.40.0-150000.3.17.1
    * libnghttp2-14-1.40.0-150000.3.17.1
    * nghttp2-debugsource-1.40.0-150000.3.17.1
    * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2-devel-1.40.0-150000.3.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
    * libnghttp2-14-32bit-1.40.0-150000.3.17.1
    * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio-devel-1.40.0-150000.3.17.1
    * nghttp2-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2-14-32bit-1.40.0-150000.3.17.1
    * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2-14-1.40.0-150000.3.17.1
    * libnghttp2_asio1-1.40.0-150000.3.17.1
    * nghttp2-debugsource-1.40.0-150000.3.17.1
    * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2-devel-1.40.0-150000.3.17.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio-devel-1.40.0-150000.3.17.1
    * nghttp2-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio1-1.40.0-150000.3.17.1
    * libnghttp2-14-1.40.0-150000.3.17.1
    * nghttp2-debugsource-1.40.0-150000.3.17.1
    * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2-devel-1.40.0-150000.3.17.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
    * libnghttp2-14-32bit-1.40.0-150000.3.17.1
    * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * libnghttp2-14-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio-devel-1.40.0-150000.3.17.1
    * nghttp2-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2_asio1-1.40.0-150000.3.17.1
    * libnghttp2-14-1.40.0-150000.3.17.1
    * nghttp2-debugsource-1.40.0-150000.3.17.1
    * libnghttp2_asio1-debuginfo-1.40.0-150000.3.17.1
    * libnghttp2-devel-1.40.0-150000.3.17.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
    * libnghttp2-14-32bit-1.40.0-150000.3.17.1
    * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.17.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-44487.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216123
  * https://bugzilla.suse.com/show_bug.cgi?id=1216174

From sle-security-updates at lists.suse.com Tue Nov 21 08:30:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 08:30:05 -0000
Subject: SUSE-SU-2023:4495-1: important: Security update for postgresql, postgresql15, postgresql16
Message-ID: <170055540568.22646.14237020664116992741@smelt2.prg2.suse.org>

# Security update for postgresql, postgresql15, postgresql16

Announcement ID: SUSE-SU-2023:4495-1
Rating: important
References:

  * bsc#1122892
  * bsc#1179231
  * bsc#1206796
  * bsc#1209208
  * bsc#1216022
  * bsc#1216734
  * bsc#1216960
  * bsc#1216961
  * bsc#1216962
  * jsc#PED-5586

Cross-References:

  * CVE-2023-5868
  * CVE-2023-5869
  * CVE-2023-5870

CVSS scores:

  * CVE-2023-5868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-5869 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5870 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * Legacy Module 15-SP4
  * Legacy Module 15-SP5
  * openSUSE Leap 15.3
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Server Applications Module 15-SP4
  * Server Applications Module 15-SP5
  * SUSE Enterprise Storage 7.1
  * SUSE Linux
Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed. ## Description: This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. 
(bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: * Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. Changes in postgresql15: * Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html * The libs and mini package are now provided by postgresql16. * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * Change the unix domain socket location from /var/run to /run. Changes in postgresql: * Interlock version and release of all noarch packages except for the postgresql-docs. 
* bsc#1122892: Add a sysconfig variable for initdb. * Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. * bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. * Add postgresql-README as a separate source file. * bsc#1209208: Drop hard dependency on systemd * bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4495=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4495=1 openSUSE-SLE-15.4-2023-4495=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4495=1 openSUSE-SLE-15.5-2023-4495=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4495=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4495=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4495=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4495=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4495=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4495=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4495=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4495=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4495=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4495=1 * SUSE Linux Enterprise High Performance Computing 
LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4495=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4495=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4495=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4495=1 ## Package List: * openSUSE Leap 15.3 (noarch) * postgresql-test-16-150300.10.18.3 * postgresql-16-150300.10.18.3 * postgresql-llvmjit-devel-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-llvmjit-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * openSUSE Leap 15.4 (noarch) * postgresql-plperl-16-150400.4.9.2 * postgresql-server-16-150400.4.9.2 * postgresql-docs-16-150400.4.9.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql-llvmjit-16-150400.4.9.2 * postgresql-llvmjit-devel-16-150300.10.18.3 * postgresql-devel-16-150400.4.9.2 * postgresql-llvmjit-devel-16-150400.4.9.2 * postgresql-server-devel-16-150400.4.9.2 * postgresql-contrib-16-150400.4.9.2 * postgresql-pltcl-16-150400.4.9.2 * postgresql-plpython-16-150400.4.9.2 * postgresql-16-150400.4.9.2 * postgresql-test-16-150400.4.9.2 * postgresql16-docs-16.1-150200.5.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql15-test-15.5-150200.5.19.1 * 
postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql16-test-16.1-150200.5.7.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-devel-mini-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * postgresql15-llvmjit-devel-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql15-llvmjit-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-llvmjit-debuginfo-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql16-mini-debugsource-16.1-150200.5.7.1 * postgresql16-devel-mini-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * openSUSE Leap 15.4 (x86_64) * 
libecpg6-32bit-debuginfo-16.1-150200.5.7.1 * libpq5-32bit-16.1-150200.5.7.1 * libecpg6-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * openSUSE Leap 15.5 (noarch) * postgresql-server-devel-16-150500.10.3.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql-llvmjit-16-150500.10.3.2 * postgresql-test-16-150500.10.3.2 * postgresql16-docs-16.1-150200.5.7.1 * postgresql-plperl-16-150500.10.3.2 * postgresql-docs-16-150500.10.3.2 * postgresql-server-16-150500.10.3.2 * postgresql-plpython-16-150500.10.3.2 * postgresql-pltcl-16-150500.10.3.2 * postgresql-devel-16-150500.10.3.2 * postgresql-llvmjit-devel-16-150500.10.3.2 * postgresql-16-150500.10.3.2 * postgresql-contrib-16-150500.10.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql15-test-15.5-150200.5.19.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql16-test-16.1-150200.5.7.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-devel-mini-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * postgresql15-llvmjit-devel-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql15-llvmjit-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * 
libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-llvmjit-debuginfo-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql16-mini-debugsource-16.1-150200.5.7.1 * postgresql16-devel-mini-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * openSUSE Leap 15.5 (x86_64) * libecpg6-32bit-debuginfo-16.1-150200.5.7.1 * libpq5-32bit-16.1-150200.5.7.1 * libecpg6-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpq5-16.1-150200.5.7.1 * postgresql16-debugsource-16.1-150200.5.7.1 * postgresql16-debuginfo-16.1-150200.5.7.1 * libpq5-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * Basesystem Module 15-SP4 (noarch) * postgresql-16-150400.4.9.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpq5-16.1-150200.5.7.1 * postgresql16-debugsource-16.1-150200.5.7.1 * postgresql16-debuginfo-16.1-150200.5.7.1 * libpq5-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql16-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * Basesystem Module 15-SP5 (noarch) * postgresql-16-150500.10.3.2 
* Legacy Module 15-SP4 (noarch) * postgresql-llvmjit-devel-16-150400.4.9.2 * postgresql-llvmjit-16-150400.4.9.2 * Legacy Module 15-SP5 (noarch) * postgresql-llvmjit-16-150500.10.3.2 * postgresql-llvmjit-devel-16-150500.10.3.2 * SUSE Package Hub 15 15-SP4 (noarch) * postgresql-plperl-16-150400.4.9.2 * postgresql-server-16-150400.4.9.2 * postgresql-docs-16-150400.4.9.2 * postgresql-llvmjit-16-150400.4.9.2 * postgresql-devel-16-150400.4.9.2 * postgresql-llvmjit-devel-16-150400.4.9.2 * postgresql-server-devel-16-150400.4.9.2 * postgresql-contrib-16-150400.4.9.2 * postgresql-pltcl-16-150400.4.9.2 * postgresql-plpython-16-150400.4.9.2 * postgresql-16-150400.4.9.2 * postgresql-test-16-150400.4.9.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-llvmjit-15.5-150200.5.19.1 * postgresql15-llvmjit-devel-15.5-150200.5.19.1 * postgresql15-test-15.5-150200.5.19.1 * postgresql15-llvmjit-debuginfo-15.5-150200.5.19.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * postgresql16-test-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * SUSE Package Hub 15 15-SP5 (noarch) * postgresql-server-devel-16-150500.10.3.2 * postgresql-llvmjit-16-150500.10.3.2 * postgresql-test-16-150500.10.3.2 * postgresql-plperl-16-150500.10.3.2 * postgresql-docs-16-150500.10.3.2 * postgresql-server-16-150500.10.3.2 * postgresql-plpython-16-150500.10.3.2 * postgresql-pltcl-16-150500.10.3.2 * postgresql-devel-16-150500.10.3.2 * postgresql-llvmjit-devel-16-150500.10.3.2 * postgresql-16-150500.10.3.2 * postgresql-contrib-16-150500.10.3.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql16-test-16.1-150200.5.7.1 * postgresql16-llvmjit-16.1-150200.5.7.1 * postgresql16-llvmjit-devel-16.1-150200.5.7.1 * postgresql16-llvmjit-debuginfo-16.1-150200.5.7.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * 
postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * Server Applications Module 15-SP4 (noarch) * postgresql-plperl-16-150400.4.9.2 * postgresql-server-16-150400.4.9.2 * postgresql-docs-16-150400.4.9.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql-devel-16-150400.4.9.2 * postgresql-server-devel-16-150400.4.9.2 * postgresql-contrib-16-150400.4.9.2 * postgresql-plpython-16-150400.4.9.2 * postgresql-pltcl-16-150400.4.9.2 * postgresql16-docs-16.1-150200.5.7.1 * Server Applications Module 15-SP4 (ppc64le) * postgresql15-15.5-150200.5.19.1 * Server Applications Module 15-SP5 (aarch64 
ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql16-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-devel-16.1-150200.5.7.1 * postgresql16-pltcl-debuginfo-16.1-150200.5.7.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-16.1-150200.5.7.1 * postgresql16-server-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql16-server-devel-16.1-150200.5.7.1 * postgresql16-contrib-16.1-150200.5.7.1 * postgresql16-pltcl-16.1-150200.5.7.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql16-plpython-debuginfo-16.1-150200.5.7.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * postgresql16-server-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql16-plperl-debuginfo-16.1-150200.5.7.1 * postgresql16-server-devel-debuginfo-16.1-150200.5.7.1 * postgresql16-contrib-debuginfo-16.1-150200.5.7.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql16-plpython-16.1-150200.5.7.1 * postgresql15-pltcl-15.5-150200.5.19.1 * Server Applications Module 15-SP5 (noarch) * postgresql-server-devel-16-150500.10.3.2 * postgresql15-docs-15.5-150200.5.19.1 * postgresql16-docs-16.1-150200.5.7.1 * postgresql-docs-16-150500.10.3.2 * postgresql-server-16-150500.10.3.2 * postgresql-plpython-16-150500.10.3.2 * postgresql-pltcl-16-150500.10.3.2 * postgresql-devel-16-150500.10.3.2 * postgresql-plperl-16-150500.10.3.2 * postgresql-contrib-16-150500.10.3.2 * SUSE 
Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libpq5-debuginfo-16.1-150200.5.7.1 * libpq5-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * postgresql-server-devel-16-150200.4.24.1 * postgresql-docs-16-150200.4.24.1 * postgresql-pltcl-16-150200.4.24.1 * postgresql-devel-16-150200.4.24.1 * postgresql-plpython-16-150200.4.24.1 * postgresql-contrib-16-150200.4.24.1 * postgresql-plperl-16-150200.4.24.1 * postgresql-server-16-150200.4.24.1 * postgresql-16-150200.4.24.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * 
postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libpq5-debuginfo-16.1-150200.5.7.1 * 
libpq5-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * postgresql-server-devel-16-150200.4.24.1 * postgresql-docs-16-150200.4.24.1 * postgresql-pltcl-16-150200.4.24.1 * postgresql-devel-16-150200.4.24.1 * postgresql-plpython-16-150200.4.24.1 * postgresql-contrib-16-150200.4.24.1 * postgresql-plperl-16-150200.4.24.1 * postgresql-server-16-150200.4.24.1 * postgresql-16-150200.4.24.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libpq5-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * 
postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libpq5-debuginfo-16.1-150200.5.7.1 * libpq5-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * postgresql-server-devel-16-150200.4.24.1 * postgresql-docs-16-150200.4.24.1 * postgresql-pltcl-16-150200.4.24.1 * postgresql-devel-16-150200.4.24.1 * postgresql-plpython-16-150200.4.24.1 * postgresql-contrib-16-150200.4.24.1 * postgresql-plperl-16-150200.4.24.1 * postgresql-server-16-150200.4.24.1 * postgresql-16-150200.4.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libpq5-32bit-16.1-150200.5.7.1 * libpq5-32bit-debuginfo-16.1-150200.5.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql16-debuginfo-16.1-150200.5.7.1 * postgresql15-debugsource-15.5-150200.5.19.1 * postgresql15-15.5-150200.5.19.1 * postgresql15-contrib-debuginfo-15.5-150200.5.19.1 * libpq5-debuginfo-16.1-150200.5.7.1 * libecpg6-16.1-150200.5.7.1 * postgresql15-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-debuginfo-15.5-150200.5.19.1 * postgresql15-pltcl-debuginfo-15.5-150200.5.19.1 * postgresql15-server-devel-debuginfo-15.5-150200.5.19.1 * postgresql15-server-debuginfo-15.5-150200.5.19.1 * postgresql15-contrib-15.5-150200.5.19.1 * postgresql15-server-15.5-150200.5.19.1 * postgresql16-debugsource-16.1-150200.5.7.1 * libecpg6-debuginfo-16.1-150200.5.7.1 * postgresql15-plpython-15.5-150200.5.19.1 * postgresql15-debuginfo-15.5-150200.5.19.1 * libpq5-16.1-150200.5.7.1 * postgresql15-server-devel-15.5-150200.5.19.1 * postgresql15-devel-15.5-150200.5.19.1 * postgresql15-plpython-debuginfo-15.5-150200.5.19.1 * postgresql15-plperl-15.5-150200.5.19.1 * postgresql15-pltcl-15.5-150200.5.19.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql15-docs-15.5-150200.5.19.1 * postgresql-16-150300.10.18.3 * postgresql-plperl-16-150300.10.18.3 * postgresql-contrib-16-150300.10.18.3 * postgresql-server-16-150300.10.18.3 * postgresql-server-devel-16-150300.10.18.3 * postgresql-plpython-16-150300.10.18.3 * postgresql-docs-16-150300.10.18.3 * postgresql-pltcl-16-150300.10.18.3 * postgresql-devel-16-150300.10.18.3 ## References: * https://www.suse.com/security/cve/CVE-2023-5868.html * 
https://www.suse.com/security/cve/CVE-2023-5869.html
* https://www.suse.com/security/cve/CVE-2023-5870.html
* https://bugzilla.suse.com/show_bug.cgi?id=1122892
* https://bugzilla.suse.com/show_bug.cgi?id=1179231
* https://bugzilla.suse.com/show_bug.cgi?id=1206796
* https://bugzilla.suse.com/show_bug.cgi?id=1209208
* https://bugzilla.suse.com/show_bug.cgi?id=1216022
* https://bugzilla.suse.com/show_bug.cgi?id=1216734
* https://bugzilla.suse.com/show_bug.cgi?id=1216960
* https://bugzilla.suse.com/show_bug.cgi?id=1216961
* https://bugzilla.suse.com/show_bug.cgi?id=1216962
* https://jira.suse.com/browse/PED-5586

From sle-security-updates at lists.suse.com Tue Nov 21 08:30:11 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 08:30:11 -0000
Subject: SUSE-SU-2023:4493-1: important: Security update for ucode-intel
Message-ID: <170055541164.22646.8524350727561235397@smelt2.prg2.suse.org>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2023:4493-1
Rating: important
References:
* bsc#1215278

Cross-References:
* CVE-2023-23583

CVSS scores:
* CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
* CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4493=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4493=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4493=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * ucode-intel-debuginfo-20231114-131.1
  * ucode-intel-20231114-131.1
  * ucode-intel-debugsource-20231114-131.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * ucode-intel-debuginfo-20231114-131.1
  * ucode-intel-20231114-131.1
  * ucode-intel-debugsource-20231114-131.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * ucode-intel-debuginfo-20231114-131.1
  * ucode-intel-20231114-131.1
  * ucode-intel-debugsource-20231114-131.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23583.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215278

From sle-security-updates at lists.suse.com Tue Nov 21 12:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 12:30:09 -0000
Subject: SUSE-SU-2023:4500-1: important: Security update for ucode-intel
Message-ID: <170056980977.16091.6155669898795456639@smelt2.prg2.suse.org>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2023:4500-1
Rating: important
References:
* bsc#1215278

Cross-References:
* CVE-2023-23583

CVSS scores:
* CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
* CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4500=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4500=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4500=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4500=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4500=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4500=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4500=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4500=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4500=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4500=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4500=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4500=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4500=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4500=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4500=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4500=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4500=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4500=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4500=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4500=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4500=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4500=1

## Package List:

* openSUSE Leap Micro 5.3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* openSUSE Leap Micro 5.4 (x86_64)
  * ucode-intel-20231114-150200.35.1
* openSUSE Leap 15.4 (x86_64)
  * ucode-intel-20231114-150200.35.1
* openSUSE Leap 15.5 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * ucode-intel-20231114-150200.35.1
* Basesystem Module 15-SP4 (x86_64)
  * ucode-intel-20231114-150200.35.1
* Basesystem Module 15-SP5 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * ucode-intel-20231114-150200.35.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * ucode-intel-20231114-150200.35.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23583.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215278

From sle-security-updates at lists.suse.com Tue Nov 21 12:30:13 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 12:30:13 -0000
Subject: SUSE-SU-2023:4499-1: moderate: Security update for avahi
Message-ID: <170056981313.16091.7188202182588577491@smelt2.prg2.suse.org>

# Security update for avahi

Announcement ID: SUSE-SU-2023:4499-1
Rating: moderate
References:
* bsc#1216419

Cross-References:
* CVE-2023-38473

CVSS scores:
* CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4499=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4499=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4499=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4499=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4499=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * avahi-debuginfo-0.6.32-32.21.1
  * libavahi-ui-gtk3-0-debuginfo-0.6.32-32.21.1
  * libavahi-gobject-devel-0.6.32-32.21.1
  * python-avahi-0.6.32-32.21.1
  * libavahi-ui-gtk3-0-0.6.32-32.21.1
  * libavahi-gobject0-debuginfo-0.6.32-32.21.1
  * libavahi-devel-0.6.32-32.21.1
  * avahi-compat-howl-devel-0.6.32-32.21.1
  * libhowl0-debuginfo-0.6.32-32.21.1
  * libavahi-ui0-debuginfo-0.6.32-32.21.1
  * typelib-1_0-Avahi-0_6-0.6.32-32.21.1
  * libavahi-glib-devel-0.6.32-32.21.1
  * libavahi-gobject0-0.6.32-32.21.1
  * avahi-debugsource-0.6.32-32.21.1
  * avahi-compat-mDNSResponder-devel-0.6.32-32.21.1
  * avahi-glib2-debugsource-0.6.32-32.21.1
  * libhowl0-0.6.32-32.21.1
  * libavahi-ui0-0.6.32-32.21.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * avahi-debuginfo-0.6.32-32.21.1
  * avahi-0.6.32-32.21.1
  * libavahi-common3-0.6.32-32.21.1
  * libavahi-client3-0.6.32-32.21.1
  * libavahi-glib1-0.6.32-32.21.1
  * libdns_sd-0.6.32-32.21.1
  * libavahi-client3-debuginfo-0.6.32-32.21.1
  * avahi-utils-0.6.32-32.21.1
  * libavahi-common3-debuginfo-0.6.32-32.21.1
  * libavahi-core7-0.6.32-32.21.1
  * avahi-utils-debuginfo-0.6.32-32.21.1
  * libdns_sd-debuginfo-0.6.32-32.21.1
  * libavahi-glib1-debuginfo-0.6.32-32.21.1
  * avahi-debugsource-0.6.32-32.21.1
  * avahi-glib2-debugsource-0.6.32-32.21.1
  * libavahi-core7-debuginfo-0.6.32-32.21.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * avahi-lang-0.6.32-32.21.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libavahi-client3-32bit-0.6.32-32.21.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.21.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-glib1-32bit-0.6.32-32.21.1
  * libavahi-common3-32bit-0.6.32-32.21.1
  * libdns_sd-32bit-0.6.32-32.21.1
  * avahi-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-glib1-debuginfo-32bit-0.6.32-32.21.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * avahi-debuginfo-0.6.32-32.21.1
  * avahi-0.6.32-32.21.1
  * libavahi-common3-0.6.32-32.21.1
  * libavahi-client3-0.6.32-32.21.1
  * libavahi-glib1-0.6.32-32.21.1
  * libdns_sd-0.6.32-32.21.1
  * libavahi-client3-debuginfo-0.6.32-32.21.1
  * avahi-utils-0.6.32-32.21.1
  * libavahi-common3-debuginfo-0.6.32-32.21.1
  * libavahi-core7-0.6.32-32.21.1
  * avahi-utils-debuginfo-0.6.32-32.21.1
  * libdns_sd-debuginfo-0.6.32-32.21.1
  * libavahi-glib1-debuginfo-0.6.32-32.21.1
  * avahi-debugsource-0.6.32-32.21.1
  * avahi-glib2-debugsource-0.6.32-32.21.1
  * libavahi-core7-debuginfo-0.6.32-32.21.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * avahi-lang-0.6.32-32.21.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libavahi-client3-32bit-0.6.32-32.21.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.21.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-glib1-32bit-0.6.32-32.21.1
  * libavahi-common3-32bit-0.6.32-32.21.1
  * libdns_sd-32bit-0.6.32-32.21.1
  * avahi-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-glib1-debuginfo-32bit-0.6.32-32.21.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * avahi-debuginfo-0.6.32-32.21.1
  * avahi-0.6.32-32.21.1
  * libavahi-common3-0.6.32-32.21.1
  * libavahi-client3-0.6.32-32.21.1
  * libavahi-glib1-0.6.32-32.21.1
  * libdns_sd-0.6.32-32.21.1
  * libavahi-client3-debuginfo-0.6.32-32.21.1
  * avahi-utils-0.6.32-32.21.1
  * libavahi-common3-debuginfo-0.6.32-32.21.1
  * libavahi-core7-0.6.32-32.21.1
  * avahi-utils-debuginfo-0.6.32-32.21.1
  * libdns_sd-debuginfo-0.6.32-32.21.1
  * libavahi-glib1-debuginfo-0.6.32-32.21.1
  * avahi-debugsource-0.6.32-32.21.1
  * avahi-glib2-debugsource-0.6.32-32.21.1
  * libavahi-core7-debuginfo-0.6.32-32.21.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * avahi-lang-0.6.32-32.21.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libavahi-client3-32bit-0.6.32-32.21.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.21.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-glib1-32bit-0.6.32-32.21.1
  * libavahi-common3-32bit-0.6.32-32.21.1
  * libdns_sd-32bit-0.6.32-32.21.1
  * avahi-debuginfo-32bit-0.6.32-32.21.1
  * libavahi-glib1-debuginfo-32bit-0.6.32-32.21.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libavahi-ui-gtk3-0-debuginfo-0.6.32-32.21.1
  * libavahi-ui-gtk3-0-0.6.32-32.21.1
  * libavahi-gobject0-debuginfo-0.6.32-32.21.1
  * libavahi-gobject0-0.6.32-32.21.1
  * libavahi-ui0-debuginfo-0.6.32-32.21.1
  * avahi-glib2-debugsource-0.6.32-32.21.1
  * libavahi-ui0-0.6.32-32.21.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38473.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216419

From sle-security-updates at lists.suse.com Tue Nov 21 12:30:25 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 12:30:25 -0000
Subject: SUSE-SU-2023:4496-1: moderate: Security update for libreoffice
Message-ID: <170056982536.16091.13616131647428917560@smelt2.prg2.suse.org>

# Security update for libreoffice

Announcement ID: SUSE-SU-2023:4496-1
Rating: moderate
References:
* bsc#1209243
* bsc#1212444
* bsc#1215595
* jsc#PED-5199
* jsc#PED-6799
* jsc#PED-6800

Cross-References:
* CVE-2023-1183

CVSS scores:
* CVE-2023-1183 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-1183 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability, contains three features and has two security fixes can now be installed.

## Description:

This update for fixes the following issues:

libreoffice was updated from 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800):

* For the highlights of changes of version 7.6 please consult the official release notes:
  * https://wiki.documentfoundation.org/ReleaseNotes/7.6
* You can check for each minor release notes here:
  * https://wiki.documentfoundation.org/Releases/7.6.2/RC1
  * https://wiki.documentfoundation.org/Releases/7.6.1/RC2
  * https://wiki.documentfoundation.org/Releases/7.6.1/RC1
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC3
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC2
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC1
* Security issues fixed:
  * CVE-2023-1183: Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243)
* Updated bundled dependencies:
  * boost version update from 1_80_0 to 1_82_0
  * curl version update from 8.0.1 to 8.2.1
  * icu4c-data version update from 72_1 to 73_2
  * icu4c version update from 72_1 to 73_2
  * pdfium version update from 5408 to 5778
  * poppler version update from 22.12.0 to 23.06.0
  * poppler-data version update from 0.4.11 to 0.4.12
  * skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404
* New bundled dependencies:
  * graphite2-minimal-1.3.14.tgz
  * harfbuzz-8.0.0.tar.xz
* New build dependencies:
  * frozen-devel
  * liborcus-0_18-0
  * libixion
  * mdds-2_1
* New runtime dependencies:
  * `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595)

frozen was implemented:

* New Libreoffice package dependency

libixion was updated to version 0.18.1:

* Updated to 0.18.1:
  * Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on two 32-bit unsigned integer types being used with std::variant.
* Updated to 0.18.0:
  * Removed the formula_model_access interface from model_context, and switched to using model_context directly everywhere.
  * Revised formula_tokens_t type to remove use of std::unique_ptr for each formula_token instance. This should improve memory locality when iterating through an array of formula token values. A similar change has also been made to lexer_tokens_t and lexer_token types.
  * Added 41 built-in functions
  * Added support for multi-sheet references in Excel A1 and Excel R1C1 grammars.

liborcus was updated to version 0.18.1:

* Updated to 0.18.1:
  * sax parser:
    * added support for optionally skipping multiple BOM's in the beginning of XML stream. This affects all XML-based file format filters such as xls-xml (aka Excel 2003 XML).
  * xml-map:
    * fixed a bug where an XML document consisting of simple single-column records were not properly converted to sheet data
  * xls-xml:
    * fixed a bug where the filter would always pass border color even when it was not set
  * buildsystem:
    * added new configure switches --without-benchmark and --without-doc-example to optionally skip building of these two directories

mdds-2_1 was implemented:

* New Libreoffice package dependency

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4496=1 openSUSE-SLE-15.4-2023-4496=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4496=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4496=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4496=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4496=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4496=1 ## Package List: * openSUSE Leap 15.4 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libixion-devel-0.18.1-150400.14.3.2 * liborcus-tools-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * python3-liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * python3-libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-tools-0.18.1-150400.14.3.2 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * 
libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libixion-debuginfo-0.18.1-150400.14.3.2 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libixion-tools-debuginfo-0.18.1-150400.14.3.2 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libixion-debugsource-0.18.1-150400.14.3.2 * liborcus-tools-0.18.1-150400.13.3.2 * libreofficekit-7.6.2.1-150400.17.17.3 * python3-liborcus-0.18.1-150400.13.3.2 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * python3-libixion-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * openSUSE Leap 15.5 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * 
libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libixion-devel-0.18.1-150400.14.3.2 * liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * liborcus-tools-debuginfo-0.18.1-150400.13.3.2 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * liborcus-tools-0.18.1-150400.13.3.2 * python3-libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-tools-0.18.1-150400.14.3.2 * python3-liborcus-0.18.1-150400.13.3.2 * python3-liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * python3-libixion-0.18.1-150400.14.3.2 * liborcus-devel-0.18.1-150400.13.3.2 * libixion-tools-debuginfo-0.18.1-150400.14.3.2 * libixion-debugsource-0.18.1-150400.14.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * 
libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * SUSE Package Hub 15 15-SP4 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le) * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * 
liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-debugsource-0.18.1-150400.14.3.2 * SUSE Package Hub 15 15-SP5 (noarch) * libreoffice-l10n-sa_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sid-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dgo-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-am-7.6.2.1-150400.17.17.3 * libreoffice-l10n-my-7.6.2.1-150400.17.17.3 * libreoffice-l10n-rw-7.6.2.1-150400.17.17.3 * libreoffice-l10n-be-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ka-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sq-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sd-7.6.2.1-150400.17.17.3 * frozen-devel-1.1.1-150400.9.3.2 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mni-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kok-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn_IN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gug-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ast-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.17.3 * libreoffice-glade-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gd-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ks-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sat-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-km-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kab-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-is-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-oc-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ne-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-szl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-id-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_ZA-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dsb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-vec-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-om-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en_GB-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * mdds-2_1-devel-2.1.1-150400.9.3.2 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-brx-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le) * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-sdk-doc-7.6.2.1-150400.17.17.3 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-sdk-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * 
libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreofficekit-devel-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-librelogo-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-qt5-7.6.2.1-150400.17.17.3 * libreoffice-qt5-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-sdk-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libixion-devel-0.18.1-150400.14.3.2 * liborcus-debuginfo-0.18.1-150400.13.3.2 * liborcus-debugsource-0.18.1-150400.13.3.2 * liborcus-tools-debuginfo-0.18.1-150400.13.3.2 * liborcus-tools-0.18.1-150400.13.3.2 * python3-libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-debuginfo-0.18.1-150400.14.3.2 * libixion-tools-0.18.1-150400.14.3.2 * python3-liborcus-0.18.1-150400.13.3.2 * python3-liborcus-debuginfo-0.18.1-150400.13.3.2 * 
python3-libixion-0.18.1-150400.14.3.2 * libixion-tools-debuginfo-0.18.1-150400.14.3.2 * libixion-debugsource-0.18.1-150400.14.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * liborcus-debugsource-0.18.1-150400.13.3.2 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libixion-debuginfo-0.18.1-150400.14.3.2 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libixion-debugsource-0.18.1-150400.14.3.2 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * 
libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * liborcus-debugsource-0.18.1-150400.13.3.2 * libreoffice-officebean-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-debuginfo-0.18.1-150400.13.3.2 * libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-debugsource-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-7.6.2.1-150400.17.17.3 * libreoffice-gnome-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-debuginfo-0.18.1-150400.13.3.2 * libreoffice-math-debuginfo-7.6.2.1-150400.17.17.3 * 
libreoffice-calc-extensions-7.6.2.1-150400.17.17.3 * libreoffice-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-mailmerge-7.6.2.1-150400.17.17.3 * libreoffice-draw-debuginfo-7.6.2.1-150400.17.17.3 * liborcus-0_18-0-0.18.1-150400.13.3.2 * libreoffice-pyuno-7.6.2.1-150400.17.17.3 * libreoffice-officebean-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-writer-extensions-7.6.2.1-150400.17.17.3 * libreoffice-base-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-calc-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-filters-optional-7.6.2.1-150400.17.17.3 * libreoffice-calc-7.6.2.1-150400.17.17.3 * libreoffice-draw-7.6.2.1-150400.17.17.3 * libreoffice-base-7.6.2.1-150400.17.17.3 * libixion-debuginfo-0.18.1-150400.14.3.2 * libreoffice-writer-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.17.3 * libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-math-7.6.2.1-150400.17.17.3 * libreoffice-7.6.2.1-150400.17.17.3 * libreoffice-impress-debuginfo-7.6.2.1-150400.17.17.3 * libreoffice-impress-7.6.2.1-150400.17.17.3 * libixion-debugsource-0.18.1-150400.14.3.2 * libreofficekit-7.6.2.1-150400.17.17.3 * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.17.3 * libixion-0_18-0-debuginfo-0.18.1-150400.14.3.2 * libixion-0_18-0-0.18.1-150400.14.3.2 * libreoffice-gnome-7.6.2.1-150400.17.17.3 * liborcus-devel-0.18.1-150400.13.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * libreoffice-l10n-sr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-af-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bg-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fur-7.6.2.1-150400.17.17.3 * libreoffice-l10n-br-7.6.2.1-150400.17.17.3 * libreoffice-l10n-si-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ru-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ja-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-zh_TW-7.6.2.1-150400.17.17.3 * libreoffice-l10n-or-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-es-7.6.2.1-150400.17.17.3 * libreoffice-l10n-th-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ve-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ckb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-da-7.6.2.1-150400.17.17.3 * libreoffice-l10n-eo-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-dz-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ga-7.6.2.1-150400.17.17.3 * libreoffice-l10n-zh_CN-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cy-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ss-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hi-7.6.2.1-150400.17.17.3 * libreoffice-l10n-et-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ts-7.6.2.1-150400.17.17.3 * libreoffice-l10n-bn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ml-7.6.2.1-150400.17.17.3 * libreoffice-l10n-st-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-te-7.6.2.1-150400.17.17.3 * libreoffice-l10n-uk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nb-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ar-7.6.2.1-150400.17.17.3 * libreoffice-branding-upstream-7.6.2.1-150400.17.17.3 * libreoffice-l10n-de-7.6.2.1-150400.17.17.3 * libreoffice-l10n-gl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-it-7.6.2.1-150400.17.17.3 * libreoffice-l10n-kk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-cs-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ko-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_BR-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hu-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ro-7.6.2.1-150400.17.17.3 * libreoffice-l10n-ta-7.6.2.1-150400.17.17.3 * libreoffice-l10n-lt-7.6.2.1-150400.17.17.3 * 
libreoffice-l10n-ca-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pa-7.6.2.1-150400.17.17.3 * libreoffice-l10n-pt_PT-7.6.2.1-150400.17.17.3 * libreoffice-icon-themes-7.6.2.1-150400.17.17.3 * libreoffice-l10n-hr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-tn-7.6.2.1-150400.17.17.3 * libreoffice-l10n-as-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sk-7.6.2.1-150400.17.17.3 * libreoffice-l10n-he-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sv-7.6.2.1-150400.17.17.3 * libreoffice-l10n-xh-7.6.2.1-150400.17.17.3 * libreoffice-l10n-nso-7.6.2.1-150400.17.17.3 * libreoffice-l10n-mai-7.6.2.1-150400.17.17.3 * libreoffice-l10n-el-7.6.2.1-150400.17.17.3 * libreoffice-l10n-sl-7.6.2.1-150400.17.17.3 * libreoffice-l10n-fr-7.6.2.1-150400.17.17.3 * libreoffice-l10n-en-7.6.2.1-150400.17.17.3

## References:

* https://www.suse.com/security/cve/CVE-2023-1183.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209243
* https://bugzilla.suse.com/show_bug.cgi?id=1212444
* https://bugzilla.suse.com/show_bug.cgi?id=1215595
* https://jira.suse.com/browse/PED-5199
* https://jira.suse.com/browse/PED-6799
* https://jira.suse.com/browse/PED-6800

From sle-security-updates at lists.suse.com Tue Nov 21 16:14:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 17:14:31 +0100 (CET)
Subject: SUSE-CU-2023:3777-1: Security update of suse/sle15
Message-ID: <20231121161431.563ACF3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3777-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.844
Container Release : 6.2.844
Severity : important
Type : security
References : 1216123 1216174 CVE-2023-44487
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4492-1 Released: Mon Nov 20 18:59:17 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) The following package changes have been done: - libnghttp2-14-1.40.0-150000.3.17.1 updated From sle-security-updates at lists.suse.com Tue Nov 21 16:17:42 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Nov 2023 17:17:42 +0100 (CET) Subject: SUSE-CU-2023:3785-1: Security update of bci/golang Message-ID: <20231121161742.DAEF7F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3785-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.2 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.2 Container Release : 8.2 Severity : important Type : security References : 1206346 1206346 1206346 1213229 1213880 1215084 1215085 1215090 1215985 1216109 1216943 1216944 CVE-2023-29406 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39323 CVE-2023-39325 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:2601-1 Released: Wed Jun 21 15:42:34 2023 Summary: Optional update for go1.20-openssl Type: optional Severity: moderate References: This update for go1.20-openssl fixes the following issues: This update delivers a go1.20 1.20.5.2 package built with its cryptography using the system openssl library. 
(jsc#SLE-18320 jsc#PED-1962)

This allows Go binaries built with go1.20-openssl to operate in FIPS 140-2/3 mode.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3002-1
Released: Thu Jul 27 12:38:13 2023
Summary: Security update for go1.20-openssl
Type: security
Severity: moderate
References: 1206346,1213229,CVE-2023-29406

This update for go1.20-openssl fixes the following issues:

Update to version 1.20.6.1 (bsc#1206346):

- CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3840-1
Released: Wed Sep 27 19:34:42 2023
Summary: Security update for go1.20-openssl
Type: security
Severity: important
References: 1206346,1213880,1215084,1215085,1215090,CVE-2023-29409,CVE-2023-39318,CVE-2023-39319

This update for go1.20-openssl fixes the following issues:

Update to version 1.20.8 (bsc#1206346).

- CVE-2023-29409: Fixed unrestricted RSA keys in certificates (bsc#1213880).
- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).
- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts (bsc#1215084).

The following non-security bug was fixed:

- Add missing pprof html asset directory to package (bsc#1215090).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4472-1
Released: Thu Nov 16 19:01:27 2023
Summary: Security update for go1.20-openssl
Type: security
Severity: important
References: 1206346,1215985,1216109,1216943,1216944,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487,CVE-2023-45283,CVE-2023-45284

This update for go1.20-openssl fixes the following issues:

Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips.
* Update to go1.20.11
  go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources

Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips.

* Update to go1.20.10
  go1.20.10 (released 2023-10-10) includes a security fix to the net/http package.
* security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109)

go1.20.9 (released 2023-10-05) includes one security fix to the cmd/go package, as well as bug fixes to the go command and the linker.

* security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985)
* cmd/link: issues with Apple's new linker in Xcode 15 beta

The following package changes have been done:

- go1.20-openssl-doc-1.20.11.1-150000.1.14.1 added
- go1.20-openssl-1.20.11.1-150000.1.14.1 added
- go1.20-openssl-race-1.20.11.1-150000.1.14.1 added
- go1.19-openssl-1.19.13.1-150000.1.8.1 removed
- go1.19-openssl-doc-1.19.13.1-150000.1.8.1 removed
- go1.19-openssl-race-1.19.13.1-150000.1.8.1 removed

From sle-security-updates at lists.suse.com Tue Nov 21 16:17:47 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 17:17:47 +0100 (CET)
Subject: SUSE-CU-2023:3786-1: Security update of bci/golang
Message-ID: <20231121161747.A7A58F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3786-1
Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.2 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.2
Container Release : 8.2
Severity : moderate
Type : security
References : 1212475 1212667 1212669 1215084 1215085 1215086 1215087 1215090 1215985 1216109 1216943 1216944 CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322 CVE-2023-39323 CVE-2023-39325 CVE-2023-44487 CVE-2023-45283 CVE-2023-45284
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4469-1
Released: Thu Nov 16 18:59:45 2023
Summary: Security update for go1.21-openssl
Type: security
Severity: moderate
References: 1212475,1212667,1212669,1215084,1215085,1215086,1215087,1215090,1215985,1216109,1216943,1216944,CVE-2023-39318,CVE-2023-39319,CVE-2023-39320,CVE-2023-39321,CVE-2023-39322,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487,CVE-2023-45283,CVE-2023-45284

This update for go1.21-openssl fixes the following issues:

Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips.

* Update to go1.21.4
  go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources

Initial package go1.21-openssl version 1.21.3.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.3-1-openssl-fips. (jsc#SLE-18320)

* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream Go maintenance releases.
The following package changes have been done:

- go1.21-openssl-doc-1.21.4.1-150000.1.5.1 added
- go1.21-openssl-1.21.4.1-150000.1.5.1 added
- go1.21-openssl-race-1.21.4.1-150000.1.5.1 added
- go1.20-openssl-1.20.11.1-150000.1.14.1 removed
- go1.20-openssl-doc-1.20.11.1-150000.1.14.1 removed
- go1.20-openssl-race-1.20.11.1-150000.1.14.1 removed

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:04 -0000
Subject: SUSE-SU-2023:4511-1: important: Security update for container-suseconnect
Message-ID: <170058420400.4687.17159848782767939632@smelt2.prg2.suse.org>

# Security update for container-suseconnect

Announcement ID: SUSE-SU-2023:4511-1
Rating: important
References:

* bsc#1212475

Affected Products:

* Containers Module 15-SP4
* Containers Module 15-SP5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update of container-suseconnect fixes the following issues:

* rebuild the package with the go 1.21 security release (bsc#1212475).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4511=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4511=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4511=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4511=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4511=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4511=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4511=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4511=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4511=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4511=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4511=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4511=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* Containers Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4511=1

## Package List:

* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-debuginfo-2.4.0-150000.4.44.1
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* SUSE CaaS Platform 4.0 (x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.4.0-150000.4.44.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:07 -0000
Subject: SUSE-SU-2023:4510-1: important: Security update for ucode-intel
Message-ID: <170058420737.4687.10246733980742373205@smelt2.prg2.suse.org>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2023:4510-1
Rating: important
References:

* bsc#1215278

Cross-References:

* CVE-2023-23583

CVSS scores:

* CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
* CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4510=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4510=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4510=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * ucode-intel-20231114-150100.3.231.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * ucode-intel-20231114-150100.3.231.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * ucode-intel-20231114-150100.3.231.1
* SUSE CaaS Platform 4.0 (x86_64)
  * ucode-intel-20231114-150100.3.231.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23583.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215278

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:20 -0000
Subject: SUSE-SU-2023:4508-1: important: Security update for openvswitch
Message-ID: <170058422037.4687.16958061430942106408@smelt2.prg2.suse.org>

# Security update for openvswitch

Announcement ID: SUSE-SU-2023:4508-1
Rating: important
References:

* bsc#1216002

Cross-References:

* CVE-2023-5366

CVSS scores:

* CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issues:

* CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4508=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4508=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4508=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4508=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4508=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4508=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * openSUSE Leap 15.3 (noarch) * openvswitch-doc-2.14.2-150300.19.11.1 * ovn-doc-20.06.2-150300.19.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * 
libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * 
ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * openvswitch-test-2.14.2-150300.19.11.1 * openvswitch-devel-2.14.2-150300.19.11.1 * ovn-host-debuginfo-20.06.2-150300.19.11.1 * ovn-central-20.06.2-150300.19.11.1 * libovn-20_06-0-20.06.2-150300.19.11.1 * openvswitch-pki-2.14.2-150300.19.11.1 * ovn-vtep-20.06.2-150300.19.11.1 * ovn-docker-20.06.2-150300.19.11.1 * openvswitch-ipsec-2.14.2-150300.19.11.1 * ovn-devel-20.06.2-150300.19.11.1 * ovn-debuginfo-20.06.2-150300.19.11.1 * ovn-vtep-debuginfo-20.06.2-150300.19.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenvswitch-2_14-0-2.14.2-150300.19.11.1 * openvswitch-debugsource-2.14.2-150300.19.11.1 * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1 * openvswitch-test-debuginfo-2.14.2-150300.19.11.1 * openvswitch-debuginfo-2.14.2-150300.19.11.1 * ovn-20.06.2-150300.19.11.1 * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1 * ovn-host-20.06.2-150300.19.11.1 * python3-ovs-2.14.2-150300.19.11.1 * openvswitch-vtep-2.14.2-150300.19.11.1 * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1 * ovn-central-debuginfo-20.06.2-150300.19.11.1 * openvswitch-2.14.2-150300.19.11.1 * 
openvswitch-test-2.14.2-150300.19.11.1
  * openvswitch-devel-2.14.2-150300.19.11.1
  * ovn-host-debuginfo-20.06.2-150300.19.11.1
  * ovn-central-20.06.2-150300.19.11.1
  * libovn-20_06-0-20.06.2-150300.19.11.1
  * openvswitch-pki-2.14.2-150300.19.11.1
  * ovn-vtep-20.06.2-150300.19.11.1
  * ovn-docker-20.06.2-150300.19.11.1
  * openvswitch-ipsec-2.14.2-150300.19.11.1
  * ovn-devel-20.06.2-150300.19.11.1
  * ovn-debuginfo-20.06.2-150300.19.11.1
  * ovn-vtep-debuginfo-20.06.2-150300.19.11.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libopenvswitch-2_14-0-2.14.2-150300.19.11.1
  * openvswitch-debugsource-2.14.2-150300.19.11.1
  * libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.11.1
  * openvswitch-test-debuginfo-2.14.2-150300.19.11.1
  * openvswitch-debuginfo-2.14.2-150300.19.11.1
  * ovn-20.06.2-150300.19.11.1
  * openvswitch-vtep-debuginfo-2.14.2-150300.19.11.1
  * ovn-host-20.06.2-150300.19.11.1
  * python3-ovs-2.14.2-150300.19.11.1
  * openvswitch-vtep-2.14.2-150300.19.11.1
  * libovn-20_06-0-debuginfo-20.06.2-150300.19.11.1
  * ovn-central-debuginfo-20.06.2-150300.19.11.1
  * openvswitch-2.14.2-150300.19.11.1
  * openvswitch-test-2.14.2-150300.19.11.1
  * openvswitch-devel-2.14.2-150300.19.11.1
  * ovn-host-debuginfo-20.06.2-150300.19.11.1
  * ovn-central-20.06.2-150300.19.11.1
  * libovn-20_06-0-20.06.2-150300.19.11.1
  * openvswitch-pki-2.14.2-150300.19.11.1
  * ovn-vtep-20.06.2-150300.19.11.1
  * ovn-docker-20.06.2-150300.19.11.1
  * openvswitch-ipsec-2.14.2-150300.19.11.1
  * ovn-devel-20.06.2-150300.19.11.1
  * ovn-debuginfo-20.06.2-150300.19.11.1
  * ovn-vtep-debuginfo-20.06.2-150300.19.11.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5366.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216002

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:24 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:24 -0000
Subject: SUSE-SU-2023:4507-1: moderate: Security update for java-1_8_0-openjdk
Message-ID: <170058422467.4687.2028863759050428913@smelt2.prg2.suse.org>

# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2023:4507-1
Rating: moderate
References:

* bsc#1211968
* bsc#1216374
* bsc#1216379

Cross-References:

* CVE-2015-4000
* CVE-2023-22067
* CVE-2023-22081

CVSS scores:

* CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU:

* CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379).
* CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374).
* CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4507=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4507=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4507=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-1.8.0.392-27.93.1 * java-1_8_0-openjdk-devel-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-27.93.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-1.8.0.392-27.93.1 * java-1_8_0-openjdk-devel-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-27.93.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-1.8.0.392-27.93.1 * java-1_8_0-openjdk-devel-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-1.8.0.392-27.93.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-27.93.1 * java-1_8_0-openjdk-demo-1.8.0.392-27.93.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-27.93.1 ## References: * 
https://www.suse.com/security/cve/CVE-2015-4000.html
* https://www.suse.com/security/cve/CVE-2023-22067.html
* https://www.suse.com/security/cve/CVE-2023-22081.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211968
* https://bugzilla.suse.com/show_bug.cgi?id=1216374
* https://bugzilla.suse.com/show_bug.cgi?id=1216379

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:28 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:28 -0000
Subject: SUSE-SU-2023:4506-1: moderate: Security update for java-1_8_0-openjdk
Message-ID: <170058422858.4687.2243697582024122233@smelt2.prg2.suse.org>

# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2023:4506-1
Rating: moderate
References:

* bsc#1211968
* bsc#1216374
* bsc#1216379

Cross-References:

* CVE-2015-4000
* CVE-2023-22067
* CVE-2023-22081

CVSS scores:

* CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Legacy Module 15-SP4
* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU:

* CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379).
* CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374).
* CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4506=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4506=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4506=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4506=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4506=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4506=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4506=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4506=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4506=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4506=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4506=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4506=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4506=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for 
SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * 
java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * 
java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux 
Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4000.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1211968 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-security-updates at lists.suse.com Tue Nov 21 16:30:32 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:32 -0000
Subject: SUSE-SU-2023:4505-1: moderate: Security update for libxml2
Message-ID: <170058423246.4687.4306036323285894198@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2023:4505-1
Rating: moderate
References:

  * bsc#1216129

Cross-References:

  * CVE-2023-45322

CVSS scores:

  * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

  * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4505=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4505=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4505=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4505=1

## Package List:

  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libxml2-debugsource-2.9.4-46.68.2
    * libxml2-devel-2.9.4-46.68.2
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * python-libxml2-debuginfo-2.9.4-46.68.2
    * libxml2-tools-2.9.4-46.68.2
    * libxml2-tools-debuginfo-2.9.4-46.68.2
    * python-libxml2-debugsource-2.9.4-46.68.2
    * python-libxml2-2.9.4-46.68.2
    * libxml2-debugsource-2.9.4-46.68.2
    * libxml2-2-debuginfo-2.9.4-46.68.2
    * libxml2-2-2.9.4-46.68.2
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * libxml2-doc-2.9.4-46.68.2
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libxml2-2-debuginfo-32bit-2.9.4-46.68.2
    * libxml2-2-32bit-2.9.4-46.68.2
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * python-libxml2-debuginfo-2.9.4-46.68.2
    * libxml2-tools-2.9.4-46.68.2
    * libxml2-tools-debuginfo-2.9.4-46.68.2
    * python-libxml2-debugsource-2.9.4-46.68.2
    * python-libxml2-2.9.4-46.68.2
    * libxml2-debugsource-2.9.4-46.68.2
    * libxml2-2-debuginfo-2.9.4-46.68.2
    * libxml2-2-2.9.4-46.68.2
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * libxml2-doc-2.9.4-46.68.2
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libxml2-2-debuginfo-32bit-2.9.4-46.68.2
    * libxml2-2-32bit-2.9.4-46.68.2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * python-libxml2-debuginfo-2.9.4-46.68.2
    * libxml2-tools-2.9.4-46.68.2
    * libxml2-tools-debuginfo-2.9.4-46.68.2
    * python-libxml2-debugsource-2.9.4-46.68.2
    * python-libxml2-2.9.4-46.68.2
    * libxml2-debugsource-2.9.4-46.68.2
    * libxml2-2-debuginfo-2.9.4-46.68.2
    * libxml2-2-2.9.4-46.68.2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * libxml2-doc-2.9.4-46.68.2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libxml2-2-debuginfo-32bit-2.9.4-46.68.2
    * libxml2-2-32bit-2.9.4-46.68.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-45322.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216129

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:35 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:35 -0000
Subject: SUSE-SU-2023:4504-1: moderate: Security update for libxml2
Message-ID: <170058423500.4687.11434956815508538935@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2023:4504-1
Rating: moderate
References:

  * bsc#1216129

Cross-References:

  * CVE-2023-45322

CVSS scores:

  * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP5
  * openSUSE Leap 15.5
  * Python 3 Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

  * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-4504=1 openSUSE-SLE-15.5-2023-4504=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2023-4504=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4504=1
  * Python 3 Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4504=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * libxml2-tools-debuginfo-2.10.3-150500.5.11.1
    * libxml2-devel-2.10.3-150500.5.11.1
    * libxml2-tools-2.10.3-150500.5.11.1
    * libxml2-python-debugsource-2.10.3-150500.5.11.1
    * python311-libxml2-2.10.3-150500.5.11.1
    * python311-libxml2-debuginfo-2.10.3-150500.5.11.1
    * libxml2-debugsource-2.10.3-150500.5.11.1
    * python3-libxml2-2.10.3-150500.5.11.1
    * python3-libxml2-debuginfo-2.10.3-150500.5.11.1
    * libxml2-2-2.10.3-150500.5.11.1
    * libxml2-2-debuginfo-2.10.3-150500.5.11.1
  * openSUSE Leap 15.5 (x86_64)
    * libxml2-2-32bit-2.10.3-150500.5.11.1
    * libxml2-2-32bit-debuginfo-2.10.3-150500.5.11.1
    * libxml2-devel-32bit-2.10.3-150500.5.11.1
  * openSUSE Leap 15.5 (noarch)
    * libxml2-doc-2.10.3-150500.5.11.1
  * openSUSE Leap 15.5 (aarch64_ilp32)
    * libxml2-2-64bit-2.10.3-150500.5.11.1
    * libxml2-2-64bit-debuginfo-2.10.3-150500.5.11.1
    * libxml2-devel-64bit-2.10.3-150500.5.11.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * libxml2-tools-debuginfo-2.10.3-150500.5.11.1
    * libxml2-tools-2.10.3-150500.5.11.1
    * libxml2-python-debugsource-2.10.3-150500.5.11.1
    * libxml2-debugsource-2.10.3-150500.5.11.1
    * python3-libxml2-2.10.3-150500.5.11.1
    * python3-libxml2-debuginfo-2.10.3-150500.5.11.1
    * libxml2-2-2.10.3-150500.5.11.1
    * libxml2-2-debuginfo-2.10.3-150500.5.11.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libxml2-tools-debuginfo-2.10.3-150500.5.11.1
    * libxml2-devel-2.10.3-150500.5.11.1
    * libxml2-python-debugsource-2.10.3-150500.5.11.1
    * libxml2-tools-2.10.3-150500.5.11.1
    * libxml2-debugsource-2.10.3-150500.5.11.1
    * python3-libxml2-2.10.3-150500.5.11.1
    * python3-libxml2-debuginfo-2.10.3-150500.5.11.1
    * libxml2-2-2.10.3-150500.5.11.1
    * libxml2-2-debuginfo-2.10.3-150500.5.11.1
  * Basesystem Module 15-SP5 (x86_64)
    * libxml2-2-32bit-2.10.3-150500.5.11.1
    * libxml2-2-32bit-debuginfo-2.10.3-150500.5.11.1
  * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * python311-libxml2-debuginfo-2.10.3-150500.5.11.1
    * python311-libxml2-2.10.3-150500.5.11.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-45322.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216129

From sle-security-updates at lists.suse.com Tue Nov 21 16:30:39 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 16:30:39 -0000
Subject: SUSE-SU-2023:4503-1: moderate: Security update for avahi
Message-ID: <170058423941.4687.14300518223280075124@smelt2.prg2.suse.org>

# Security update for avahi

Announcement ID: SUSE-SU-2023:4503-1
Rating: moderate
References:

  * bsc#1215947
  * bsc#1216419

Cross-References:

  * CVE-2023-38470
  * CVE-2023-38473

CVSS scores:

  * CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * Desktop Applications Module 15-SP4
  * Desktop Applications Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro 6.0
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4
  * SUSE Package Hub 15 15-SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for avahi fixes the following issues:

  * CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
  * CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4503=1 openSUSE-SLE-15.4-2023-4503=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4503=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4503=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4503=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4503=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4503=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4503=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4503=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4503=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4503=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4503=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4503=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4503=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4503=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4503=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libavahi-gobject-devel-0.8-150400.7.10.1 * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * 
avahi-autoipd-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * python3-avahi-gtk-0.8-150400.7.10.1 * libavahi-qt5-1-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * avahi-qt5-debugsource-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-qt5-devel-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.4 (x86_64) * libdns_sd-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * libdns_sd-32bit-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-glib1-32bit-0.8-150400.7.10.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.4 (noarch) * avahi-lang-0.8-150400.7.10.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libavahi-client3-64bit-0.8-150400.7.10.1 * avahi-64bit-debuginfo-0.8-150400.7.10.1 * libavahi-common3-64bit-0.8-150400.7.10.1 * libavahi-common3-64bit-debuginfo-0.8-150400.7.10.1 * libdns_sd-64bit-debuginfo-0.8-150400.7.10.1 * libavahi-glib1-64bit-0.8-150400.7.10.1 * libdns_sd-64bit-0.8-150400.7.10.1 * 
libavahi-glib1-64bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-64bit-debuginfo-0.8-150400.7.10.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libavahi-gobject-devel-0.8-150400.7.10.1 * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * python3-avahi-gtk-0.8-150400.7.10.1 * libavahi-qt5-1-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * avahi-qt5-debugsource-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * 
avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-qt5-devel-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.5 (x86_64) * libdns_sd-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * libdns_sd-32bit-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-glib1-32bit-0.8-150400.7.10.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.10.1 * openSUSE Leap 15.5 (noarch) * avahi-lang-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * 
libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * 
libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * Basesystem Module 15-SP4 (noarch) * avahi-lang-0.8-150400.7.10.1 * Basesystem Module 15-SP4 (x86_64) * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libdns_sd-0.8-150400.7.10.1 * libavahi-glib-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * libavahi-libevent1-0.8-150400.7.10.1 * libhowl0-debuginfo-0.8-150400.7.10.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1 * libavahi-devel-0.8-150400.7.10.1 * libavahi-glib1-0.8-150400.7.10.1 * avahi-utils-0.8-150400.7.10.1 * avahi-0.8-150400.7.10.1 * libavahi-core7-debuginfo-0.8-150400.7.10.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.10.1 * libavahi-glib1-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * libhowl0-0.8-150400.7.10.1 * libavahi-common3-debuginfo-0.8-150400.7.10.1 * libavahi-libevent1-debuginfo-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.10.1 * avahi-utils-debuginfo-0.8-150400.7.10.1 * libavahi-client3-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-0.8-150400.7.10.1 * libavahi-core7-0.8-150400.7.10.1 * libavahi-common3-0.8-150400.7.10.1 * libavahi-ui-gtk3-0-0.8-150400.7.10.1 * avahi-compat-howl-devel-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * libavahi-gobject0-debuginfo-0.8-150400.7.10.1 * libavahi-client3-0.8-150400.7.10.1 * libdns_sd-debuginfo-0.8-150400.7.10.1 * Basesystem Module 15-SP5 (noarch) * 
avahi-lang-0.8-150400.7.10.1 * Basesystem Module 15-SP5 (x86_64) * libavahi-common3-32bit-0.8-150400.7.10.1 * libavahi-client3-32bit-0.8-150400.7.10.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.10.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.10.1 * avahi-32bit-debuginfo-0.8-150400.7.10.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-gobject-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-utils-gtk-debuginfo-0.8-150400.7.10.1 * libavahi-gobject-devel-0.8-150400.7.10.1 * avahi-debugsource-0.8-150400.7.10.1 * avahi-autoipd-debuginfo-0.8-150400.7.10.1 * avahi-glib2-debugsource-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * avahi-utils-gtk-0.8-150400.7.10.1 * avahi-autoipd-0.8-150400.7.10.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150400.7.10.1 * python3-avahi-0.8-150400.7.10.1 * avahi-debuginfo-0.8-150400.7.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38470.html * https://www.suse.com/security/cve/CVE-2023-38473.html * https://bugzilla.suse.com/show_bug.cgi?id=1215947 * https://bugzilla.suse.com/show_bug.cgi?id=1216419 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-security-updates at lists.suse.com Tue Nov 21 20:30:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:05 -0000
Subject: SUSE-SU-2023:4524-1: important: Security update for openssl-1_1
Message-ID: <170059860547.25714.15948606271566997180@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:4524-1
Rating: important

References:
* bsc#1216922

Cross-References:
* CVE-2023-5678

CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4524=1 SUSE-2023-4524=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4524=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4524=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4524=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4524=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4524=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4524=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4524=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* openSUSE Leap 15.4 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.60.2
  * libopenssl1_1-32bit-1.1.1l-150400.7.60.2
* openSUSE Leap 15.4 (noarch)
  * openssl-1_1-doc-1.1.1l-150400.7.60.2
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl1_1-64bit-1.1.1l-150400.7.60.2
  * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.60.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-hmac-1.1.1l-150400.7.60.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.60.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.60.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.60.2
  * openssl-1_1-1.1.1l-150400.7.60.2
  * libopenssl1_1-1.1.1l-150400.7.60.2
* Basesystem Module 15-SP4 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.60.2
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.60.2
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.60.2
  * libopenssl1_1-32bit-1.1.1l-150400.7.60.2

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:07 -0000
Subject: SUSE-SU-2023:4523-1: important: Security update for openssl-1_0_0
Message-ID: <170059860783.25714.8737064600066086279@smelt2.prg2.suse.org>

# Security update for openssl-1_0_0

Announcement ID: SUSE-SU-2023:4523-1
Rating: important

References:
* bsc#1216922

Cross-References:
* CVE-2023-5678

CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_0_0 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4523=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4523=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4523=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4523=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libopenssl-1_0_0-devel-1.0.2p-3.87.1
  * openssl-1_0_0-debugsource-1.0.2p-3.87.1
  * openssl-1_0_0-debuginfo-1.0.2p-3.87.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64)
  * libopenssl-1_0_0-devel-32bit-1.0.2p-3.87.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libopenssl-1_0_0-devel-1.0.2p-3.87.1
  * libopenssl1_0_0-1.0.2p-3.87.1
  * openssl-1_0_0-1.0.2p-3.87.1
  * libopenssl1_0_0-hmac-1.0.2p-3.87.1
  * openssl-1_0_0-debugsource-1.0.2p-3.87.1
  * libopenssl1_0_0-debuginfo-1.0.2p-3.87.1
  * openssl-1_0_0-debuginfo-1.0.2p-3.87.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * openssl-1_0_0-doc-1.0.2p-3.87.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libopenssl1_0_0-hmac-32bit-1.0.2p-3.87.1
  * libopenssl1_0_0-32bit-1.0.2p-3.87.1
  * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.87.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libopenssl-1_0_0-devel-1.0.2p-3.87.1
  * libopenssl1_0_0-1.0.2p-3.87.1
  * openssl-1_0_0-1.0.2p-3.87.1
  * libopenssl1_0_0-hmac-1.0.2p-3.87.1
  * openssl-1_0_0-debugsource-1.0.2p-3.87.1
  * libopenssl1_0_0-debuginfo-1.0.2p-3.87.1
  * openssl-1_0_0-debuginfo-1.0.2p-3.87.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * openssl-1_0_0-doc-1.0.2p-3.87.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libopenssl1_0_0-hmac-32bit-1.0.2p-3.87.1
  * libopenssl1_0_0-32bit-1.0.2p-3.87.1
  * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.87.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libopenssl-1_0_0-devel-1.0.2p-3.87.1
  * libopenssl1_0_0-1.0.2p-3.87.1
  * openssl-1_0_0-1.0.2p-3.87.1
  * libopenssl1_0_0-hmac-1.0.2p-3.87.1
  * openssl-1_0_0-debugsource-1.0.2p-3.87.1
  * libopenssl1_0_0-debuginfo-1.0.2p-3.87.1
  * openssl-1_0_0-debuginfo-1.0.2p-3.87.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * openssl-1_0_0-doc-1.0.2p-3.87.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libopenssl1_0_0-hmac-32bit-1.0.2p-3.87.1
  * libopenssl1_0_0-32bit-1.0.2p-3.87.1
  * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.87.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:09 -0000
Subject: SUSE-SU-2023:4522-1: important: Security update for openssl-1_0_0
Message-ID: <170059860989.25714.6205509063472257477@smelt2.prg2.suse.org>

# Security update for openssl-1_0_0

Announcement ID: SUSE-SU-2023:4522-1
Rating: important

References:
* bsc#1216922

Cross-References:
* CVE-2023-5678

CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* Legacy Module 15-SP4
* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_0_0 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4522=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4522=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4522=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4522=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4522=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4522=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4522=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4522=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4522=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4522=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4522=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4522=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4522=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-cavs-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* openSUSE Leap 15.4 (x86_64)
  * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-32bit-1.0.2p-150000.3.88.1
* openSUSE Leap 15.4 (noarch)
  * openssl-1_0_0-doc-1.0.2p-150000.3.88.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-cavs-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* openSUSE Leap 15.5 (x86_64)
  * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-32bit-1.0.2p-150000.3.88.1
* openSUSE Leap 15.5 (noarch)
  * openssl-1_0_0-doc-1.0.2p-150000.3.88.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-hmac-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-debuginfo-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * libopenssl10-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1
* SUSE CaaS Platform 4.0 (x86_64)
  * openssl-1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debuginfo-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-1.0.2p-150000.3.88.1
  * openssl-1_0_0-debugsource-1.0.2p-150000.3.88.1
  * libopenssl-1_0_0-devel-1.0.2p-150000.3.88.1
  * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.88.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:12 -0000
Subject: SUSE-SU-2023:4521-1: important: Security update for openssl-1_1
Message-ID: <170059861224.25714.9858813354230118722@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:4521-1
Rating: important

References:
* bsc#1216922

Cross-References:
* CVE-2023-5678

CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4521=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4521=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4521=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4521=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.101.1
  * openssl-1_1-debugsource-1.1.1d-2.101.1
  * libopenssl-1_1-devel-1.1.1d-2.101.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1d-2.101.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.101.1
  * libopenssl1_1-hmac-1.1.1d-2.101.1
  * libopenssl1_1-1.1.1d-2.101.1
  * openssl-1_1-1.1.1d-2.101.1
  * openssl-1_1-debugsource-1.1.1d-2.101.1
  * libopenssl1_1-debuginfo-1.1.1d-2.101.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libopenssl1_1-32bit-1.1.1d-2.101.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.101.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.101.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.101.1
  * libopenssl1_1-hmac-1.1.1d-2.101.1
  * libopenssl1_1-1.1.1d-2.101.1
  * openssl-1_1-1.1.1d-2.101.1
  * openssl-1_1-debugsource-1.1.1d-2.101.1
  * libopenssl1_1-debuginfo-1.1.1d-2.101.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libopenssl1_1-32bit-1.1.1d-2.101.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.101.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.101.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.101.1
  * libopenssl1_1-hmac-1.1.1d-2.101.1
  * libopenssl1_1-1.1.1d-2.101.1
  * openssl-1_1-1.1.1d-2.101.1
  * openssl-1_1-debugsource-1.1.1d-2.101.1
  * libopenssl1_1-debuginfo-1.1.1d-2.101.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libopenssl1_1-32bit-1.1.1d-2.101.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.101.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.101.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:14 -0000
Subject: SUSE-SU-2023:4520-1: important: Security update for openssl-1_1
Message-ID: <170059861430.25714.14611000092434514917@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:4520-1
Rating: important

References:
* bsc#1216922

Cross-References:
* CVE-2023-5678

CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4520=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4520=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4520=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.68.1
  * openssl-1_1-1.1.0i-150100.14.68.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.68.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-1.1.0i-150100.14.68.1
  * libopenssl1_1-1.1.0i-150100.14.68.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.68.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.68.1
  * openssl-1_1-1.1.0i-150100.14.68.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.68.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-1.1.0i-150100.14.68.1
  * libopenssl1_1-1.1.0i-150100.14.68.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.68.1
  * openssl-1_1-1.1.0i-150100.14.68.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.68.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-1.1.0i-150100.14.68.1
  * libopenssl1_1-1.1.0i-150100.14.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.68.1
* SUSE CaaS Platform 4.0 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.68.1
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.68.1
  * openssl-1_1-1.1.0i-150100.14.68.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.68.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.68.1
  * libopenssl1_1-hmac-1.1.0i-150100.14.68.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.68.1
  * libopenssl1_1-1.1.0i-150100.14.68.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:16 -0000
Subject: SUSE-SU-2023:4519-1: important: Security update for openssl-1_1
Message-ID: <170059861645.25714.10695264758952251795@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:4519-1
Rating: important

References:
* bsc#1216922

Cross-References:
* CVE-2023-5678

CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4519=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4519=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4519=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4519=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4519=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4519=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4519=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4519=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4519=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4519=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4519=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * 
openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * 
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * 
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.82.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.82.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.82.1 * libopenssl1_1-32bit-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.82.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.82.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.82.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.82.1 * libopenssl-1_1-devel-1.1.1d-150200.11.82.1 * libopenssl1_1-1.1.1d-150200.11.82.1 * openssl-1_1-debugsource-1.1.1d-150200.11.82.1 * openssl-1_1-1.1.1d-150200.11.82.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5678.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:18 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:18 -0000
Subject: SUSE-SU-2023:4518-1: important: Security update for openssl-1_1
Message-ID: <170059861846.25714.17929878344506316776@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:4518-1
Rating: important
References:
  * bsc#1216922
Cross-References:
  * CVE-2023-5678
CVSS scores:
  * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
  * Basesystem Module 15-SP5
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

  * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4518=1 openSUSE-SLE-15.5-2023-4518=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4518=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4518=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-1_1-debugsource-1.1.1l-150500.17.22.1 * libopenssl1_1-1.1.1l-150500.17.22.1 * openssl-1_1-1.1.1l-150500.17.22.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-1.1.1l-150500.17.22.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.22.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-32bit-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.22.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.22.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.22.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-64bit-1.1.1l-150500.17.22.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150500.17.22.1 * libopenssl1_1-1.1.1l-150500.17.22.1 * openssl-1_1-1.1.1l-150500.17.22.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-1.1.1l-150500.17.22.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150500.17.22.1 * libopenssl1_1-1.1.1l-150500.17.22.1 * openssl-1_1-1.1.1l-150500.17.22.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.22.1 * libopenssl-1_1-devel-1.1.1l-150500.17.22.1 * libopenssl1_1-hmac-1.1.1l-150500.17.22.1 * Basesystem Module 15-SP5 (x86_64) * 
libopenssl1_1-hmac-32bit-1.1.1l-150500.17.22.1
  * libopenssl1_1-32bit-1.1.1l-150500.17.22.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.22.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-5678.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:21 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:21 -0000
Subject: SUSE-SU-2023:4517-1: moderate: Security update for python3-setuptools
Message-ID: <170059862141.25714.9215735248767469332@smelt2.prg2.suse.org>

# Security update for python3-setuptools

Announcement ID: SUSE-SU-2023:4517-1
Rating: moderate
References:
  * bsc#1206667
Cross-References:
  * CVE-2022-40897
CVSS scores:
  * CVE-2022-40897 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2022-40897 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.
## Description: This update for python3-setuptools fixes the following issues: * CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4517=1 openSUSE-SLE-15.4-2023-4517=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4517=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4517=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4517=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4517=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4517=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4517=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4517=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4517=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4517=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4517=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-setuptools-test-44.1.1-150400.9.6.1 * python3-setuptools-wheel-44.1.1-150400.9.6.1 * python3-setuptools-44.1.1-150400.9.6.1 * openSUSE Leap Micro 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * openSUSE Leap Micro 5.4 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * openSUSE Leap 15.5 (noarch) * python3-setuptools-test-44.1.1-150400.9.6.1 * python3-setuptools-wheel-44.1.1-150400.9.6.1 * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-setuptools-44.1.1-150400.9.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * 
python3-setuptools-44.1.1-150400.9.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * python3-setuptools-44.1.1-150400.9.6.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * python3-setuptools-44.1.1-150400.9.6.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-setuptools-44.1.1-150400.9.6.1
* Basesystem Module 15-SP4 (noarch)
  * python3-setuptools-test-44.1.1-150400.9.6.1
  * python3-setuptools-wheel-44.1.1-150400.9.6.1
  * python3-setuptools-44.1.1-150400.9.6.1
* Basesystem Module 15-SP5 (noarch)
  * python3-setuptools-test-44.1.1-150400.9.6.1
  * python3-setuptools-wheel-44.1.1-150400.9.6.1
  * python3-setuptools-44.1.1-150400.9.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-40897.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206667

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:24 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:24 -0000
Subject: SUSE-SU-2023:4516-1: important: Security update for strongswan
Message-ID: <170059862433.25714.878522452763232331@smelt2.prg2.suse.org>

# Security update for strongswan

Announcement ID: SUSE-SU-2023:4516-1
Rating: important
References:
  * bsc#1216901
Cross-References:
  * CVE-2023-41913
CVSS scores:
  * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Affected Products:
  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.
## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4516=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4516=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4516=1 ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * strongswan-libs0-5.8.2-150000.4.23.2 * strongswan-debugsource-5.8.2-150000.4.23.2 * strongswan-ipsec-5.8.2-150000.4.23.2 * strongswan-hmac-5.8.2-150000.4.23.2 * strongswan-5.8.2-150000.4.23.2 * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2 * strongswan-debuginfo-5.8.2-150000.4.23.2 * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2 * SUSE CaaS Platform 4.0 (noarch) * strongswan-doc-5.8.2-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * strongswan-libs0-5.8.2-150000.4.23.2 * strongswan-debugsource-5.8.2-150000.4.23.2 * strongswan-ipsec-5.8.2-150000.4.23.2 * strongswan-hmac-5.8.2-150000.4.23.2 * strongswan-5.8.2-150000.4.23.2 * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2 * strongswan-debuginfo-5.8.2-150000.4.23.2 * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * strongswan-doc-5.8.2-150000.4.23.2 * SUSE 
Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-5.8.2-150000.4.23.2
  * strongswan-debugsource-5.8.2-150000.4.23.2
  * strongswan-ipsec-5.8.2-150000.4.23.2
  * strongswan-hmac-5.8.2-150000.4.23.2
  * strongswan-5.8.2-150000.4.23.2
  * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2
  * strongswan-debuginfo-5.8.2-150000.4.23.2
  * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * strongswan-doc-5.8.2-150000.4.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * strongswan-libs0-5.8.2-150000.4.23.2
  * strongswan-debugsource-5.8.2-150000.4.23.2
  * strongswan-ipsec-5.8.2-150000.4.23.2
  * strongswan-hmac-5.8.2-150000.4.23.2
  * strongswan-5.8.2-150000.4.23.2
  * strongswan-ipsec-debuginfo-5.8.2-150000.4.23.2
  * strongswan-debuginfo-5.8.2-150000.4.23.2
  * strongswan-libs0-debuginfo-5.8.2-150000.4.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * strongswan-doc-5.8.2-150000.4.23.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-41913.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216901

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:31 -0000
Subject: SUSE-SU-2023:4515-1: important: Security update for strongswan
Message-ID: <170059863129.25714.17614848140444527805@smelt2.prg2.suse.org>

# Security update for strongswan

Announcement ID: SUSE-SU-2023:4515-1
Rating: important
References:
  * bsc#1216901
Cross-References:
  * CVE-2023-41913
CVSS scores:
  * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Affected Products:
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for strongswan fixes the following issues:

  * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4515=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4515=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4515=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4515=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4515=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4515=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 
15 SP3 LTSS 15-SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Enterprise Storage 7.1 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * 
strongswan-5.8.2-150200.11.42.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * strongswan-doc-5.8.2-150200.11.42.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * strongswan-debuginfo-5.8.2-150200.11.42.2
  * strongswan-hmac-5.8.2-150200.11.42.2
  * strongswan-libs0-5.8.2-150200.11.42.2
  * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2
  * strongswan-debugsource-5.8.2-150200.11.42.2
  * strongswan-ipsec-5.8.2-150200.11.42.2
  * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2
  * strongswan-5.8.2-150200.11.42.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * strongswan-doc-5.8.2-150200.11.42.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * strongswan-debuginfo-5.8.2-150200.11.42.2
  * strongswan-hmac-5.8.2-150200.11.42.2
  * strongswan-libs0-5.8.2-150200.11.42.2
  * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2
  * strongswan-debugsource-5.8.2-150200.11.42.2
  * strongswan-ipsec-5.8.2-150200.11.42.2
  * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2
  * strongswan-5.8.2-150200.11.42.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * strongswan-doc-5.8.2-150200.11.42.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-41913.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216901

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:33 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:33 -0000
Subject: SUSE-SU-2023:4514-1: important: Security update for strongswan
Message-ID: <170059863317.25714.6306537651246247859@smelt2.prg2.suse.org>

# Security update for strongswan

Announcement ID: SUSE-SU-2023:4514-1
Rating: important
References:
  * bsc#1216901
Cross-References:
  * CVE-2023-41913
CVSS scores:
  * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Affected Products:
  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Workstation Extension 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for strongswan fixes the following issues:

  * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4514=1 openSUSE-SLE-15.4-2023-4514=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4514=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4514=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4514=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * strongswan-mysql-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * strongswan-mysql-5.9.11-150400.19.17.2 * strongswan-sqlite-5.9.11-150400.19.17.2 * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-sqlite-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 
(x86_64)
  * strongswan-debuginfo-5.9.11-150400.19.17.2
  * strongswan-nm-debuginfo-5.9.11-150400.19.17.2
  * strongswan-debugsource-5.9.11-150400.19.17.2
  * strongswan-nm-5.9.11-150400.19.17.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-41913.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216901

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:35 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:35 -0000
Subject: SUSE-SU-2023:4513-1: important: Security update for apache2-mod_jk
Message-ID: <170059863563.25714.5255012196905452492@smelt2.prg2.suse.org>

# Security update for apache2-mod_jk

Announcement ID: SUSE-SU-2023:4513-1
Rating: important
References:
  * bsc#1114612
Cross-References:
  * CVE-2018-11759
CVSS scores:
  * CVE-2018-11759 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2018-11759 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Server Applications Module 15-SP4
  * Server Applications Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for apache2-mod_jk fixes the following issues:

Update to version 1.2.49:

Apache

  * Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring "JkRequestIdIndicator".
  * Don't delegate the generation of the response body to httpd when the status code represents an error if the request used the HEAD method.
  * Only export the main module symbol. Visibility of module internal symbols led to crashes when conflicting with library symbols. Based on a patch provided by Josef Čejka.
  * Remove support for implicit mapping of requests to workers. All mappings must now be explicit.

IIS

  * Set default request id as a GUID. It can also be taken from an arbitrary request header by configuring "request_id_header".
  * Fix non-empty check for the Translate header.

Common

  * Fix compiler warning when initializing and copying fixed length strings.
  * Add a request id to mod_jk log lines.
  * Enable configure to find the correct sizes for pid_t and pthread_t when building on MacOS.
  * Fix Clang 15/16 compatibility. Pull request #6 provided by Sam James.
  * Improve XSS hardening in status worker.
  * Add additional bounds and error checking when reading AJP messages.

Docs

  * Remove support for the Netscape / Sun ONE / Oracle iPlanet Web Server as the product has been retired.
  * Remove links to the old JK2 documentation. The JK2 documentation is still available, it is just no longer linked from the current JK documentation.
  * Restructure subsections in changelog starting with version 1.2.45.

Changes for 1.2.47 and 1.2.48 updates:

  * Add: Apache: Extend trace level logging of method entry/exit to aid debugging of request mapping issues.
  * Fix: Apache: Fix a bug in the normalization checks that prevented file based requests, such as SSI file includes, from being processed.
  * Fix: Apache: When using JkAutoAlias, ensure that files that include spaces in their name are accessible.
  * Update: Common: Update the documentation to reflect that the source code for the Apache Tomcat Connectors has moved from Subversion to Git.
  * Fix: Common: When using set_session_cookie, ensure that an updated session cookie is issued if the load-balancer has to failover to a different worker.
  * Update: Common: Update config.guess and config.sub from https://git.savannah.gnu.org/git/config.git.
  * Update: Common: Update release script for migration to git.

Update to version 1.2.46

Fixes:

  * Apache: Fix regression in 1.2.44 which resulted in socket_connect_timeout to be interpreted in units of seconds instead of milliseconds on platforms that provide poll(). (rjung)
  * Security: CVE-2018-11759 Connector path traversal [bsc#1114612]

Update to version 1.2.45

Fixes:

  * Correct regression in 1.2.44 that broke request handling for OPTIONS * requests. (rjung)
  * Improve path parameter parsing so that the session ID specified by the session_path worker property for load-balanced workers can be extracted from a path parameter in any segment of the URI, rather than only from the final segment. (markt)
  * Apache: Improve path parameter handling so that JkStripSession can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment. (markt)
  * IIS: Improve path parameter handling so that strip_session can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment. (markt)

Updates:

  * Apache: Update the documentation to note additional limitations of the JkAutoAlias directive. (markt)

Code:

  * Common: Optimize path parameter handling. (rjung)

Update to version 1.2.44

Updates:

  * Remove the Novell Netware make files and Netware specific source code since there has not been a supported version of Netware available for over five years. (markt)
  * Apache: Update the documentation to use httpd 2.4.x style access control directives. (markt)
  * Update PCRE bundled with the ISAPI redirector to 8.42. (rjung)
  * Update config.guess and config.sub from https://git.savannah.gnu.org/git/config.git. (rjung)

Fixes:

  * Common: Use Local, rather than Global, mutexes on Windows to better support multi-user environments. (markt)
  * Apache: Use poll rather than select to avoid the limitations of select triggering an httpd crash. Patch provided by Koen Wilde. (markt)
  * ISAPI: Remove the check that rejects requests that contain path segments that match WEB-INF or META-INF as it duplicates a check that Tomcat performs and, because ISAPI does not have visibility of the current context path, it is impossible to implement this check without valid requests being rejected. (markt)
  * Refactor normalisation of request URIs to a common location and align the normalisation implementation for mod_jk with that implemented by Tomcat. (markt)

Add:

  * Clarify the behaviour of lb workers when all ajp13 workers fail with particular reference to the role of the retries attribute. (markt)
  * Add the new load-balancer worker property lb_retries to improve the control over the number of retries. Based on a patch provided by Frederik Nosi. (markt)
  * Add a note to the documentation that the CollapseSlashes options are now effectively hard-coded to CollapseSlashesAll due to the changes made to align normalization with that implemented in Tomcat. (markt)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-4513=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-4513=1
  * Server Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4513=1
  * Server Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4513=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1
    * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1
    * apache2-mod_jk-1.2.49-150100.6.6.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1
    * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1
    * apache2-mod_jk-1.2.49-150100.6.6.1
  * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1
    * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1
    * apache2-mod_jk-1.2.49-150100.6.6.1
  * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * apache2-mod_jk-debuginfo-1.2.49-150100.6.6.1
    * apache2-mod_jk-debugsource-1.2.49-150100.6.6.1
    * apache2-mod_jk-1.2.49-150100.6.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2018-11759.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1114612

From sle-security-updates at lists.suse.com Tue Nov 21 20:30:38 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Nov 2023 20:30:38 -0000
Subject: SUSE-SU-2023:4512-1: important: Security update for util-linux
Message-ID: <170059863816.25714.3209479929986182995@smelt2.prg2.suse.org>

# Security update for util-linux

Announcement ID: SUSE-SU-2023:4512-1
Rating: important
References:

  * bsc#1213865

Cross-References:

  * CVE-2018-7738

CVSS scores:

  * CVE-2018-7738 ( SUSE ): 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  * CVE-2018-7738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for util-linux fixes the following issues:

  * CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4512=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4512=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4512=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4512=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4512=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4512=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * libuuid-devel-static-2.33.2-150100.4.40.1
    * libuuid-devel-2.33.2-150100.4.40.1
    * libfdisk-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-2.33.2-150100.4.40.1
    * libblkid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * util-linux-debugsource-2.33.2-150100.4.40.1
    * libsmartcols-devel-2.33.2-150100.4.40.1
    * libblkid-devel-static-2.33.2-150100.4.40.1
    * libfdisk1-debuginfo-2.33.2-150100.4.40.1
    * util-linux-systemd-debugsource-2.33.2-150100.4.40.1
    * libblkid1-2.33.2-150100.4.40.1
    * libmount1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-2.33.2-150100.4.40.1
    * libmount1-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-2.33.2-150100.4.40.1
    * libblkid1-32bit-2.33.2-150100.4.40.1
    * libmount1-32bit-2.33.2-150100.4.40.1
    * uuidd-2.33.2-150100.4.40.1
    * uuidd-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-2.33.2-150100.4.40.1
    * util-linux-2.33.2-150100.4.40.1
    * libuuid1-debuginfo-2.33.2-150100.4.40.1
    * libfdisk1-2.33.2-150100.4.40.1
    * util-linux-debuginfo-2.33.2-150100.4.40.1
    * libsmartcols1-debuginfo-2.33.2-150100.4.40.1
    * libblkid1-debuginfo-2.33.2-150100.4.40.1
    * libuuid1-32bit-debuginfo-2.33.2-150100.4.40.1
    * libmount1-2.33.2-150100.4.40.1
    * libblkid-devel-2.33.2-150100.4.40.1
    * util-linux-systemd-debuginfo-2.33.2-150100.4.40.1
    * libmount-devel-2.33.2-150100.4.40.1
  * SUSE CaaS Platform 4.0 (noarch)
    * util-linux-lang-2.33.2-150100.4.40.1

## References:

  * https://www.suse.com/security/cve/CVE-2018-7738.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1213865

From sle-security-updates at lists.suse.com Wed Nov 22 08:42:56 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 09:42:56 +0100 (CET)
Subject: SUSE-CU-2023:3791-1: Security update of suse/sle15
Message-ID: <20231122084256.9188EFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3791-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.120 , suse/sle15:15.4 , suse/sle15:15.4.27.14.120
Container Release     : 27.14.120
Severity              : important
Type                  : security
References            : 1212475 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4511-1
Released:    Tue Nov 21 16:43:08 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released:    Tue Nov 21 17:51:28 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.44.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated

From sle-security-updates at lists.suse.com Wed Nov 22 08:44:41 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 09:44:41 +0100 (CET)
Subject: SUSE-CU-2023:3798-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20231122084441.8F35BFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3798-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.9 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.9
Container Release     : 9.40.9
Severity              : moderate
Type                  : security
References            : 1206667 CVE-2022-40897
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released:    Tue Nov 21 17:30:27 2023
Summary:     Security update for python3-setuptools
Type:        security
Severity:    moderate
References:  1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

The following package changes have been done:

- python3-setuptools-44.1.1-150400.9.6.1 updated

From sle-security-updates at lists.suse.com Wed Nov 22 08:44:49 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 09:44:49 +0100 (CET)
Subject: SUSE-CU-2023:3799-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20231122084449.4F36CFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3799-1
Container Tags        : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.8 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.8
Container Release     : 9.30.8
Severity              : moderate
Type                  : security
References            : 1206667 CVE-2022-40897
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released:    Tue Nov 21 17:30:27 2023
Summary:     Security update for python3-setuptools
Type:        security
Severity:    moderate
References:  1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

The following package changes have been done:

- python3-setuptools-44.1.1-150400.9.6.1 updated

From sle-security-updates at lists.suse.com Wed Nov 22 16:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 16:30:04 -0000
Subject: SUSE-SU-2023:4529-1: important: Security update for strongswan
Message-ID: <170067060492.8053.17145642675336677000@smelt2.prg2.suse.org>

# Security update for strongswan

Announcement ID: SUSE-SU-2023:4529-1
Rating: important
References:

  * bsc#1216901

Cross-References:

  * CVE-2023-41913

CVSS scores:

  * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Affected Products:

  * Basesystem Module 15-SP5
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro 6.0
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Workstation Extension 15 SP5
  * SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for strongswan fixes the following issues:

  * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-4529=1 openSUSE-SLE-15.5-2023-4529=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4529=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4529=1
  * SUSE Linux Enterprise Workstation Extension 15 SP5
    zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4529=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * strongswan-ipsec-5.9.11-150500.5.6.1
    * strongswan-mysql-5.9.11-150500.5.6.1
    * strongswan-nm-debuginfo-5.9.11-150500.5.6.1
    * strongswan-5.9.11-150500.5.6.1
    * strongswan-debuginfo-5.9.11-150500.5.6.1
    * strongswan-nm-5.9.11-150500.5.6.1
    * strongswan-sqlite-5.9.11-150500.5.6.1
    * strongswan-hmac-5.9.11-150500.5.6.1
    * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1
    * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1
    * strongswan-libs0-5.9.11-150500.5.6.1
    * strongswan-debugsource-5.9.11-150500.5.6.1
    * strongswan-mysql-debuginfo-5.9.11-150500.5.6.1
    * strongswan-sqlite-debuginfo-5.9.11-150500.5.6.1
  * openSUSE Leap 15.5 (noarch)
    * strongswan-doc-5.9.11-150500.5.6.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * strongswan-ipsec-5.9.11-150500.5.6.1
    * strongswan-5.9.11-150500.5.6.1
    * strongswan-debuginfo-5.9.11-150500.5.6.1
    * strongswan-hmac-5.9.11-150500.5.6.1
    * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1
    * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1
    * strongswan-libs0-5.9.11-150500.5.6.1
    * strongswan-debugsource-5.9.11-150500.5.6.1
  * Basesystem Module 15-SP5 (noarch)
    * strongswan-doc-5.9.11-150500.5.6.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * strongswan-debugsource-5.9.11-150500.5.6.1
    * strongswan-nm-debuginfo-5.9.11-150500.5.6.1
    * strongswan-nm-5.9.11-150500.5.6.1
    * strongswan-debuginfo-5.9.11-150500.5.6.1
  * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
    * strongswan-debugsource-5.9.11-150500.5.6.1
    * strongswan-nm-debuginfo-5.9.11-150500.5.6.1
    * strongswan-nm-5.9.11-150500.5.6.1
    * strongswan-debuginfo-5.9.11-150500.5.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-41913.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216901

From sle-security-updates at lists.suse.com Wed Nov 22 16:30:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 16:30:07 -0000
Subject: SUSE-SU-2023:4528-1: important: Security update for python-Pillow
Message-ID: <170067060728.8053.1299862703246724029@smelt2.prg2.suse.org>

# Security update for python-Pillow

Announcement ID: SUSE-SU-2023:4528-1
Rating: important
References:

  * bsc#1216894

Cross-References:

  * CVE-2023-44271

CVSS scores:

  * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Python 3 Module 15-SP4
  * Python 3 Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.
## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4528=1 openSUSE-SLE-15.4-2023-4528=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4528=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4528=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4528=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * 
python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-44271.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216894

From sle-security-updates at lists.suse.com Wed Nov 22 16:30:10 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 16:30:10 -0000
Subject: SUSE-SU-2023:4527-1: moderate: Security update for maven, maven-resolver, sbt, xmvn
Message-ID: <170067061095.8053.12552086707503148636@smelt2.prg2.suse.org>

# Security update for maven, maven-resolver, sbt, xmvn

Announcement ID: SUSE-SU-2023:4527-1
Rating: moderate
References:

  * bsc#1162112
  * bsc#1216529

Cross-References:

  * CVE-2023-46122

CVSS scores:

  * CVE-2023-46122 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
  * CVE-2023-46122 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Affected Products:

  * Development Tools Module 15-SP4
  * Development Tools Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro 6.0
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

  * CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529).
  * Upgraded maven to version 3.9.4
  * Upgraded maven-resolver to version 1.9.15.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-4527=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-4527=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4527=1
  * Development Tools Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4527=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4527=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4527=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4527=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4527=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4527=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4527=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4527=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4527=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-4527=1

## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * openSUSE Leap 15.4 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * maven-resolver-transport-classpath-1.9.15-150200.3.14.2 * maven-javadoc-3.9.4-150200.4.18.1 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * maven-resolver-javadoc-1.9.15-150200.3.14.2 * maven-resolver-test-util-1.9.15-150200.3.14.2 * sbt-0.13.18-150200.4.16.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * sbt-bootstrap-0.13.18-150200.4.16.1 * xmvn-connector-javadoc-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * xmvn-tools-javadoc-4.2.0-150200.3.14.1 * maven-resolver-impl-1.9.15-150200.3.14.2 * xmvn-parent-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-mojo-javadoc-4.2.0-150200.3.14.1 * xmvn-resolve-4.2.0-150200.3.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * openSUSE Leap 15.5 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * 
maven-resolver-api-1.9.15-150200.3.14.2 * maven-resolver-transport-classpath-1.9.15-150200.3.14.2 * maven-javadoc-3.9.4-150200.4.18.1 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * maven-resolver-javadoc-1.9.15-150200.3.14.2 * maven-resolver-test-util-1.9.15-150200.3.14.2 * sbt-0.13.18-150200.4.16.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * sbt-bootstrap-0.13.18-150200.4.16.1 * xmvn-connector-javadoc-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * xmvn-tools-javadoc-4.2.0-150200.3.14.1 * maven-resolver-impl-1.9.15-150200.3.14.2 * xmvn-parent-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-mojo-javadoc-4.2.0-150200.3.14.1 * xmvn-resolve-4.2.0-150200.3.14.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-minimal-4.2.0-150200.3.14.1 * xmvn-4.2.0-150200.3.14.1 * Development Tools Module 15-SP4 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * Development 
Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * Development Tools Module 15-SP5 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-util-1.9.15-150200.3.14.2 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Package Hub 15 15-SP5 (noarch) * sbt-bootstrap-0.13.18-150200.4.16.1 * sbt-0.13.18-150200.4.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise High Performance Computing 
ESPOS 15 SP3 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * 
maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * 
xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xmvn-minimal-4.2.0-150200.3.14.1 * maven-3.9.4-150200.4.18.1 * maven-lib-3.9.4-150200.4.18.1 * xmvn-4.2.0-150200.3.14.1 * SUSE Enterprise Storage 7.1 (noarch) * xmvn-core-4.2.0-150200.3.14.1 * xmvn-connector-4.2.0-150200.3.14.1 * xmvn-install-4.2.0-150200.3.14.1 * maven-resolver-api-1.9.15-150200.3.14.2 * xmvn-subst-4.2.0-150200.3.14.1 * 
xmvn-mojo-4.2.0-150200.3.14.1 * maven-resolver-named-locks-1.9.15-150200.3.14.2 * maven-resolver-spi-1.9.15-150200.3.14.2 * xmvn-resolve-4.2.0-150200.3.14.1 * maven-resolver-connector-basic-1.9.15-150200.3.14.2 * maven-resolver-transport-file-1.9.15-150200.3.14.2 * maven-resolver-impl-1.9.15-150200.3.14.2 * maven-resolver-util-1.9.15-150200.3.14.2 * xmvn-api-4.2.0-150200.3.14.1 * maven-resolver-transport-wagon-1.9.15-150200.3.14.2 * maven-resolver-transport-http-1.9.15-150200.3.14.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-46122.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1162112
  * https://bugzilla.suse.com/show_bug.cgi?id=1216529

From sle-security-updates at lists.suse.com Wed Nov 22 19:12:27 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:12:27 +0100 (CET)
Subject: SUSE-CU-2023:3801-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20231122191227.B0B39FD1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3801-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.258 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.258
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated
- container:sles15-image-15.0.0-27.14.120 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:12:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:12:59 +0100 (CET)
Subject: SUSE-CU-2023:3802-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20231122191259.49BA3FD1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3802-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.155 , suse/sle-micro/5.4/toolbox:latest
Container Release : 4.2.155
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated
- container:sles15-image-15.0.0-27.14.120 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:14:27 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:14:27 +0100 (CET)
Subject: SUSE-CU-2023:3803-1: Security update of suse/sle15
Message-ID: <20231122191427.64689F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3803-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.215 , suse/sle15:15.3 , suse/sle15:15.3.17.20.215
Container Release : 17.20.215
Severity : important
Type : security
References : 1212475 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4511-1
Released: Tue Nov 21 16:43:08 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4519-1
Released: Tue Nov 21 17:39:58 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.44.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated
- libopenssl1_1-1.1.1d-150200.11.82.1 updated
- openssl-1_1-1.1.1d-150200.11.82.1 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:15:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:15:16 +0100 (CET)
Subject: SUSE-CU-2023:3804-1: Security update of bci/bci-init
Message-ID: <20231122191516.2A81BF3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3804-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.29
Container Release : 30.29
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- container:sles15-image-15.0.0-27.14.120 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:15:48 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:15:48 +0100 (CET)
Subject: SUSE-CU-2023:3805-1: Security update of bci/nodejs
Message-ID: <20231122191548.DCA91F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3805-1
Container Tags : bci/node:16 , bci/node:16-18.24 , bci/nodejs:16 , bci/nodejs:16-18.24
Container Release : 18.24
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- container:sles15-image-15.0.0-27.14.119 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:16:50 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:16:50 +0100 (CET)
Subject: SUSE-CU-2023:3806-1: Security update of suse/pcp
Message-ID: <20231122191650.806F3FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3806-1
Container Tags : suse/pcp:5 , suse/pcp:5-17.194 , suse/pcp:5.2 , suse/pcp:5.2-17.194 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.194
Container Release : 17.194
Severity : important
Type : security
References : 1215947 1216419 1216922 CVE-2023-38470 CVE-2023-38473 CVE-2023-5678
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4503-1
Released: Tue Nov 21 13:25:12 2023
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473

This update for avahi fixes the following issues:

- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- libavahi-common3-0.8-150400.7.10.1 updated
- libavahi-client3-0.8-150400.7.10.1 updated
- container:bci-bci-init-15.4-15.4-30.29 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:17:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:17:02 +0100 (CET)
Subject: SUSE-CU-2023:3807-1: Security update of suse/postgres
Message-ID: <20231122191702.9D65DFD1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3807-1
Container Tags : suse/postgres:14 , suse/postgres:14-24.14 , suse/postgres:14.10 , suse/postgres:14.10-24.14
Container Release : 24.14
Severity : important
Type : security
References : 1122892 1179231 1206796 1209208 1216022 1216022 1216734 1216734 1216922 1216960 1216960 1216961 1216961 1216962 1216962 CVE-2023-5678 CVE-2023-5868 CVE-2023-5868 CVE-2023-5869 CVE-2023-5869 CVE-2023-5870 CVE-2023-5870
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4479-1
Released: Mon Nov 20 10:09:03 2023
Summary: Security update for postgresql14
Type: security
Severity: important
References: 1216022,1216734,1216960,1216961,1216962,CVE-2023-5868,CVE-2023-5869,CVE-2023-5870

This update for postgresql14 fixes the following issues:

Security issues fixed:

* CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)

- update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4495-1
Released: Tue Nov 21 08:39:58 2023
Summary: Security update for postgresql, postgresql15, postgresql16
Type: security
Severity: important
References: 1122892,1179231,1206796,1209208,1216022,1216734,1216960,1216961,1216962,CVE-2023-5868,CVE-2023-5869,CVE-2023-5870

This update for postgresql, postgresql15, postgresql16 fixes the following issues:

This update ships postgresql 16.

Security issues fixed:

* CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)

Changes in postgresql16:

- Upgrade to 16.1:
  * https://www.postgresql.org/about/news/2715
  * https://www.postgresql.org/docs/16/release-16.html
  * https://www.postgresql.org/docs/16/release-16-1.html
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

Changes in postgresql15:

- Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html
- The libs and mini package are now provided by postgresql16.
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

Changes in postgresql:

- Interlock version and release of all noarch packages except for the postgresql-docs.
- bsc#1122892: Add a sysconfig variable for initdb.
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change.
- Add postgresql-README as a separate source file.
- bsc#1209208: Drop hard dependency on systemd
- bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- libpq5-16.1-150200.5.7.1 updated
- postgresql-16-150400.4.9.2 updated
- postgresql14-14.10-150200.5.36.1 updated
- postgresql-server-16-150400.4.9.2 updated
- postgresql14-server-14.10-150200.5.36.1 updated
- container:sles15-image-15.0.0-27.14.119 updated
- dbus-1-1.12.2-150400.18.8.1 removed
- kbd-2.4.0-150400.5.6.1 removed
- kbd-legacy-2.4.0-150400.5.6.1 removed
- libapparmor1-3.0.4-150400.5.9.1 removed
- libargon2-1-0.0+git20171227.670229c-2.14 removed
- libcryptsetup12-2.4.3-150400.3.3.1 removed
- libcryptsetup12-hmac-2.4.3-150400.3.3.1 removed
- libdbus-1-3-1.12.2-150400.18.8.1 removed
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 removed
- libexpat1-2.4.4-150400.3.12.1 removed
- libffi7-3.2.1.git259-10.8 removed
- libip4tc2-1.8.7-1.1 removed
- libjson-c3-0.13-3.3.1 removed
- libkmod2-29-4.15.1 removed
- libp11-kit0-0.23.22-150400.1.10 removed
- libseccomp2-2.5.3-150400.2.4 removed
- libudev1-249.16-150400.8.35.5 removed
- netcfg-11.6-3.3.1 removed
- pam-config-1.1-3.3.1 removed
- pkg-config-0.29.2-1.436 removed
- systemd-249.16-150400.8.35.5 removed
- systemd-default-settings-0.7-3.2.1 removed
- systemd-default-settings-branding-SLE-0.7-3.2.1 removed
- systemd-presets-branding-SLE-15.1-150100.20.11.1 removed
- systemd-presets-common-SUSE-15-150100.8.20.1 removed

From sle-security-updates at lists.suse.com Wed Nov 22 19:17:46 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:17:46 +0100 (CET)
Subject: SUSE-CU-2023:3808-1: Security update of bci/python
Message-ID: <20231122191746.1A03DFBA9@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3808-1
Container Tags : bci/python:3 , bci/python:3-16.26 , bci/python:3.10 , bci/python:3.10-16.26
Container Release : 16.26
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated
- container:sles15-image-15.0.0-27.14.119 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:18:00 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:18:00 +0100 (CET)
Subject: SUSE-CU-2023:3809-1: Security update of suse/389-ds
Message-ID: <20231122191800.194E8FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3809-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.47 , suse/389-ds:latest
Container Release : 16.47
Severity : moderate
Type : security
References : 1206667 CVE-2022-40897
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released: Tue Nov 21 17:30:27 2023
Summary: Security update for python3-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated
- python3-setuptools-44.1.1-150400.9.6.1 updated
- container:sles15-image-15.0.0-36.5.57 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:19:54 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:19:54 +0100 (CET)
Subject: SUSE-CU-2023:3821-1: Security update of suse/pcp
Message-ID: <20231122191954.A6160FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3821-1
Container Tags : suse/pcp:5 , suse/pcp:5-15.68 , suse/pcp:5.2 , suse/pcp:5.2-15.68 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.68 , suse/pcp:latest
Container Release : 15.68
Severity : moderate
Type : security
References : 1215947 1216419 CVE-2023-38470 CVE-2023-38473
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4503-1
Released: Tue Nov 21 13:25:12 2023
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473

This update for avahi fixes the following issues:

- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- libavahi-common3-0.8-150400.7.10.1 updated
- libavahi-client3-0.8-150400.7.10.1 updated
- container:bci-bci-init-15.5-15.5-10.39 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:20:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:20:20 +0100 (CET)
Subject: SUSE-CU-2023:3823-1: Security update of suse/postgres
Message-ID: <20231122192020.D5E94F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3823-1
Container Tags : suse/postgres:15 , suse/postgres:15-12.17 , suse/postgres:15.5 , suse/postgres:15.5-12.17 , suse/postgres:latest
Container Release : 12.17
Severity : important
Type : security
References : 1122892 1179231 1206796 1209208 1216022 1216734 1216960 1216961 1216962 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4495-1
Released: Tue Nov 21 08:39:58 2023
Summary: Security update for postgresql, postgresql15, postgresql16
Type: security
Severity: important
References: 1122892,1179231,1206796,1209208,1216022,1216734,1216960,1216961,1216962,CVE-2023-5868,CVE-2023-5869,CVE-2023-5870

This update for postgresql, postgresql15, postgresql16 fixes the following issues:

This update ships postgresql 16.

Security issues fixed:

* CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960)

Changes in postgresql16:

- Upgrade to 16.1:
  * https://www.postgresql.org/about/news/2715
  * https://www.postgresql.org/docs/16/release-16.html
  * https://www.postgresql.org/docs/16/release-16-1.html
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

Changes in postgresql15:

- Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html
- The libs and mini package are now provided by postgresql16.
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.

Changes in postgresql:

- Interlock version and release of all noarch packages except for the postgresql-docs.
- bsc#1122892: Add a sysconfig variable for initdb.
- Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package.
- bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change.
- Add postgresql-README as a separate source file.
- bsc#1209208: Drop hard dependency on systemd
- bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place.

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- libpq5-16.1-150200.5.7.1 updated
- postgresql-16-150500.10.3.2 updated
- postgresql15-15.5-150200.5.19.1 updated
- postgresql-server-16-150500.10.3.2 updated
- postgresql15-server-15.5-150200.5.19.1 updated
- container:sles15-image-15.0.0-36.5.57 updated
- dbus-1-1.12.2-150400.18.8.1 removed
- kbd-2.4.0-150400.5.6.1 removed
- kbd-legacy-2.4.0-150400.5.6.1 removed
- libapparmor1-3.0.4-150500.11.9.1 removed
- libargon2-1-0.0+git20171227.670229c-2.14 removed
- libcryptsetup12-2.4.3-150400.3.3.1 removed
- libcryptsetup12-hmac-2.4.3-150400.3.3.1 removed
- libdbus-1-3-1.12.2-150400.18.8.1 removed
- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 removed
- libexpat1-2.4.4-150400.3.12.1 removed
- libffi7-3.2.1.git259-10.8 removed
- libip4tc2-1.8.7-1.1 removed
- libjson-c3-0.13-3.3.1 removed
- libkmod2-29-4.15.1 removed
- libp11-kit0-0.23.22-150500.6.1 removed
- libseccomp2-2.5.3-150400.2.4 removed
- libudev1-249.16-150400.8.35.5 removed
- netcfg-11.6-3.3.1 removed
- pam-config-1.1-3.3.1 removed
- pkg-config-0.29.2-1.436 removed
- systemd-249.16-150400.8.35.5 removed
- systemd-default-settings-0.7-3.2.1 removed
- systemd-default-settings-branding-SLE-0.7-3.2.1 removed
- systemd-presets-branding-SLE-15.1-150100.20.11.1 removed
- systemd-presets-common-SUSE-15-150500.20.3.1 removed

From sle-security-updates at lists.suse.com Wed Nov 22 19:21:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:21:04 +0100 (CET)
Subject: SUSE-CU-2023:3827-1: Security update of suse/sle15
Message-ID: <20231122192104.907C9FD1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3827-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.57 , suse/sle15:15.5 , suse/sle15:15.5.36.5.57
Container Release : 36.5.57
Severity : important
Type : security
References : 1212475
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4511-1
Released: Tue Nov 21 16:43:08 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.44.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libxml2-2-2.10.3-150500.5.11.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated

From sle-security-updates at lists.suse.com Wed Nov 22 19:21:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:21:14 +0100 (CET)
Subject: SUSE-CU-2023:3828-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20231122192114.1CBF1FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3828-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.8 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.8
Container Release : 9.30.8
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated

From sle-security-updates at lists.suse.com Wed Nov 22 20:30:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:30:02 -0000
Subject: SUSE-SU-2023:4533-1: important: Security update for MozillaFirefox
Message-ID: <170068500289.4371.15452239749675679623@smelt2.prg2.suse.org>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:4533-1
Rating: important

References:

* bsc#1216338
* bsc#1217230

Cross-References:

* CVE-2023-5721
* CVE-2023-5724
* CVE-2023-5725
* CVE-2023-5726
* CVE-2023-5727
* CVE-2023-5728
* CVE-2023-5730
* CVE-2023-5732

CVSS scores:

* CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230)
* Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338)
* CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
* CVE-2023-5732: Address bar spoofing via bidirectional characters
* CVE-2023-5724: Large WebGL draw could have led to a crash
* CVE-2023-5725: WebExtensions could open arbitrary URLs
* CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
* CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
* CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.
* CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4533=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4533=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4533=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * MozillaFirefox-translations-common-115.5.0-150000.150.116.1
  * MozillaFirefox-translations-other-115.5.0-150000.150.116.1
  * MozillaFirefox-debugsource-115.5.0-150000.150.116.1
  * MozillaFirefox-115.5.0-150000.150.116.1
  * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * MozillaFirefox-devel-115.5.0-150000.150.116.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-translations-common-115.5.0-150000.150.116.1
  * MozillaFirefox-translations-other-115.5.0-150000.150.116.1
  * MozillaFirefox-debugsource-115.5.0-150000.150.116.1
  * MozillaFirefox-115.5.0-150000.150.116.1
  * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * MozillaFirefox-devel-115.5.0-150000.150.116.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * MozillaFirefox-translations-common-115.5.0-150000.150.116.1
  * MozillaFirefox-translations-other-115.5.0-150000.150.116.1
  * MozillaFirefox-debugsource-115.5.0-150000.150.116.1
  * MozillaFirefox-115.5.0-150000.150.116.1
  * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * MozillaFirefox-devel-115.5.0-150000.150.116.1
* SUSE CaaS Platform 4.0 (x86_64)
  * MozillaFirefox-translations-common-115.5.0-150000.150.116.1
  * MozillaFirefox-translations-other-115.5.0-150000.150.116.1
  * MozillaFirefox-debugsource-115.5.0-150000.150.116.1
  * MozillaFirefox-115.5.0-150000.150.116.1
  * MozillaFirefox-debuginfo-115.5.0-150000.150.116.1
* SUSE CaaS Platform 4.0 (noarch)
  * MozillaFirefox-devel-115.5.0-150000.150.116.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5721.html
* https://www.suse.com/security/cve/CVE-2023-5724.html
* https://www.suse.com/security/cve/CVE-2023-5725.html
* https://www.suse.com/security/cve/CVE-2023-5726.html
* https://www.suse.com/security/cve/CVE-2023-5727.html
* https://www.suse.com/security/cve/CVE-2023-5728.html
* https://www.suse.com/security/cve/CVE-2023-5730.html
* https://www.suse.com/security/cve/CVE-2023-5732.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216338
* https://bugzilla.suse.com/show_bug.cgi?id=1217230

From sle-security-updates at lists.suse.com Wed Nov 22 20:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Nov 2023 20:30:04 -0000
Subject: SUSE-SU-2023:4532-1: important: Security update for MozillaFirefox
Message-ID: <170068500492.4371.7044223175016964945@smelt2.prg2.suse.org>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:4532-1
Rating: important

References:

* bsc#1216338
* bsc#1217230

Cross-References:

* CVE-2023-5721
* CVE-2023-5724
* CVE-2023-5725
* CVE-2023-5726
* CVE-2023-5727
* CVE-2023-5728
* CVE-2023-5730
* CVE-2023-5732

CVSS scores:

* CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230)
* Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338)
* CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
* CVE-2023-5732: Address bar spoofing via bidirectional characters
* CVE-2023-5724: Large WebGL draw could have led to a crash
* CVE-2023-5725: WebExtensions could open arbitrary URLs
* CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
* CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
* CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.
* CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4532=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4532=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4532=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4532=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-115.5.0-112.191.1
  * MozillaFirefox-debuginfo-115.5.0-112.191.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * MozillaFirefox-devel-115.5.0-112.191.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * MozillaFirefox-115.5.0-112.191.1
  * MozillaFirefox-debugsource-115.5.0-112.191.1
  * MozillaFirefox-translations-common-115.5.0-112.191.1
  * MozillaFirefox-debuginfo-115.5.0-112.191.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * MozillaFirefox-devel-115.5.0-112.191.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-115.5.0-112.191.1
  * MozillaFirefox-debugsource-115.5.0-112.191.1
  * MozillaFirefox-translations-common-115.5.0-112.191.1
  * MozillaFirefox-debuginfo-115.5.0-112.191.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * MozillaFirefox-devel-115.5.0-112.191.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * MozillaFirefox-115.5.0-112.191.1
  * MozillaFirefox-debugsource-115.5.0-112.191.1
  * MozillaFirefox-translations-common-115.5.0-112.191.1
  * MozillaFirefox-debuginfo-115.5.0-112.191.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * MozillaFirefox-devel-115.5.0-112.191.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5721.html
* https://www.suse.com/security/cve/CVE-2023-5724.html
* https://www.suse.com/security/cve/CVE-2023-5725.html
* https://www.suse.com/security/cve/CVE-2023-5726.html
* https://www.suse.com/security/cve/CVE-2023-5727.html
* https://www.suse.com/security/cve/CVE-2023-5728.html
* https://www.suse.com/security/cve/CVE-2023-5730.html
* https://www.suse.com/security/cve/CVE-2023-5732.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216338
* https://bugzilla.suse.com/show_bug.cgi?id=1217230

From sle-security-updates at lists.suse.com Thu Nov 23 08:02:38 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 23 Nov 2023 09:02:38 +0100 (CET)
Subject: SUSE-CU-2023:3830-1: Security update of bci/openjdk-devel
Message-ID: <20231123080238.5DF91F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3830-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.84
Container Release : 10.84
Severity : moderate
Type : security
References : 1162112 1216529 CVE-2023-46122
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4527-1
Released: Wed Nov 22 14:38:50 2023
Summary: Security update for maven, maven-resolver, sbt, xmvn
Type: security
Severity: moderate
References: 1162112,1216529,CVE-2023-46122

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

- CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529).
- Upgraded maven to version 3.9.4
- Upgraded maven-resolver to version 1.9.15.

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated
- maven-resolver-api-1.9.15-150200.3.14.2 updated
- maven-resolver-util-1.9.15-150200.3.14.2 updated
- maven-resolver-spi-1.9.15-150200.3.14.2 updated
- maven-resolver-named-locks-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-file-1.9.15-150200.3.14.2 updated
- maven-resolver-connector-basic-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-wagon-1.9.15-150200.3.14.2 updated
- maven-resolver-impl-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-http-1.9.15-150200.3.14.2 updated
- maven-lib-3.9.4-150200.4.18.1 updated
- maven-3.9.4-150200.4.18.1 updated
- container:bci-openjdk-11-15.5.11-11.41 updated

From sle-security-updates at lists.suse.com Thu Nov 23 08:02:57 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 23 Nov 2023 09:02:57 +0100 (CET)
Subject: SUSE-CU-2023:3831-1: Security update of bci/openjdk-devel
Message-ID: <20231123080257.60CD4F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3831-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.79 , bci/openjdk-devel:latest
Container Release : 12.79
Severity : moderate
Type : security
References : 1162112 1216529 CVE-2023-46122
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4527-1
Released: Wed Nov 22 14:38:50 2023
Summary: Security update for maven, maven-resolver, sbt, xmvn
Type: security
Severity: moderate
References: 1162112,1216529,CVE-2023-46122

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

- CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529).
- Upgraded maven to version 3.9.4
- Upgraded maven-resolver to version 1.9.15.

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated
- maven-resolver-api-1.9.15-150200.3.14.2 updated
- maven-resolver-util-1.9.15-150200.3.14.2 updated
- maven-resolver-spi-1.9.15-150200.3.14.2 updated
- maven-resolver-named-locks-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-file-1.9.15-150200.3.14.2 updated
- maven-resolver-connector-basic-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-wagon-1.9.15-150200.3.14.2 updated
- maven-resolver-impl-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-http-1.9.15-150200.3.14.2 updated
- maven-lib-3.9.4-150200.4.18.1 updated
- maven-3.9.4-150200.4.18.1 updated
- container:bci-openjdk-17-15.5.17-12.39 updated

From sle-security-updates at lists.suse.com Thu Nov 23 08:03:56 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 23 Nov 2023 09:03:56 +0100 (CET)
Subject: SUSE-CU-2023:3835-1: Security update of bci/python
Message-ID: <20231123080356.4C4F8F3CA@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3835-1
Container Tags : bci/python:3 , bci/python:3-14.33 , bci/python:3.6 , bci/python:3.6-14.33
Container Release : 14.33
Severity : moderate
Type : security
References : 1206667 CVE-2022-40897
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released: Tue Nov 21 17:30:27 2023
Summary: Security update for python3-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated
- python3-setuptools-44.1.1-150400.9.6.1 updated
- container:sles15-image-15.0.0-36.5.57 updated

From sle-security-updates at lists.suse.com Thu Nov 23 08:04:33 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 23 Nov 2023 09:04:33 +0100 (CET)
Subject: SUSE-CU-2023:3838-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20231123080433.C234CF3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3838-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.10 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.10
Container Release : 9.40.10
Severity : important
Type : security
References : 1216922 CVE-2023-5678
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:04:39 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:39 +0100 (CET) Subject: SUSE-CU-2023:3839-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231123080439.A323DFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3839-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.10 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.10 Container Release : 9.30.10 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:04:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:47 +0100 (CET) Subject: SUSE-CU-2023:3840-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231123080447.07885FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3840-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.8 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.8 Container Release : 9.39.8 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:04:53 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:04:53 +0100 (CET) Subject: SUSE-CU-2023:3841-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231123080453.789E6F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3841-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.9 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.9 Container Release : 9.30.9 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4524-1 Released: Tue Nov 21 17:51:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - openssl-1_1-1.1.1l-150400.7.60.2 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:05:29 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:05:29 +0100 (CET) Subject: SUSE-CU-2023:3842-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231123080529.B2825FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3842-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.496 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.496 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated - container:sles15-image-15.0.0-17.20.215 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:06:01 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:06:01 +0100 (CET) Subject: SUSE-CU-2023:3843-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231123080601.12593F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3843-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.318 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.318 Severity : important Type : security References : 1216922 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated - container:sles15-image-15.0.0-17.20.215 updated From sle-security-updates at lists.suse.com Thu Nov 23 09:00:36 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 10:00:36 +0100 (CET) Subject: SUSE-CU-2023:3846-1: Security update of suse/sle15 Message-ID: <20231123090036.5EF1BFDDB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3846-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.373 Container Release : 9.5.373 Severity : important Type : security References : 1212475 1213865 1216922 CVE-2018-7738 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4512-1 Released: Tue Nov 21 17:25:02 2023 Summary: Security update for util-linux Type: security Severity: important References: 1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated - libopenssl1_1-1.1.1d-150200.11.82.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - openssl-1_1-1.1.1d-150200.11.82.1 updated - util-linux-2.33.2-150100.4.40.1 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:59:13 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:59:13 +0100 (CET) Subject: SUSE-CU-2023:3845-1: Security update of suse/sle15 Message-ID: <20231123085913.5178DFDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3845-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.846 Container Release : 6.2.846 Severity : important Type : security References : 1212475 1213865 1216922 CVE-2018-7738 CVE-2023-5678 
----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4512-1 Released: Tue Nov 21 17:25:02 2023 Summary: Security update for util-linux Type: security Severity: important References: 1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4520-1 Released: Tue Nov 21 17:42:13 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). 
The following package changes have been done: - container-suseconnect-2.4.0-150000.4.44.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libopenssl1_1-1.1.0i-150100.14.68.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - openssl-1_1-1.1.0i-150100.14.68.1 updated - util-linux-2.33.2-150100.4.40.1 updated From sle-security-updates at lists.suse.com Thu Nov 23 08:57:12 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 09:57:12 +0100 (CET) Subject: SUSE-CU-2023:3844-1: Security update of suse/sles12sp5 Message-ID: <20231123085712.01090FD1F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3844-1 Container Tags : suse/sles12sp5:6.5.537 , suse/sles12sp5:latest Container Release : 6.5.537 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 1216922 CVE-2023-4039 CVE-2023-45322 CVE-2023-5678 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4480-1 Released: Mon Nov 20 10:15:33 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. 
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4505-1 Released: Tue Nov 21 13:30:43 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4523-1 Released: Tue Nov 21 17:50:16 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). 
The following package changes have been done: - libgcc_s1-13.2.1+git7813-1.10.1 updated - libopenssl1_0_0-1.0.2p-3.87.1 updated - libstdc++6-13.2.1+git7813-1.10.1 updated - libxml2-2-2.9.4-46.68.2 updated - openssl-1_0_0-1.0.2p-3.87.1 updated From sle-security-updates at lists.suse.com Thu Nov 23 12:30:06 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Nov 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4537-1: moderate: Security update for libxml2 Message-ID: <170074260622.22711.3118876108446065590@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:4537-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4537=1 openSUSE-SLE-15.4-2023-4537=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4537=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4537=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4537=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4537=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4537=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4537=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4537=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4537=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-devel-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (x86_64) * libxml2-2-32bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-32bit-2.9.14-150400.5.25.1 * libxml2-devel-32bit-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (noarch) * libxml2-doc-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libxml2-devel-64bit-2.9.14-150400.5.25.1 * libxml2-2-64bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-64bit-2.9.14-150400.5.25.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * 
libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * 
libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-devel-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * Basesystem Module 15-SP4 (x86_64) * libxml2-2-32bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-32bit-2.9.14-150400.5.25.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-libxml2-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-2.9.14-150400.5.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129 From sle-security-updates at lists.suse.com Fri Nov 24 08:07:25 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:07:25 +0100 (CET) Subject: SUSE-CU-2023:3856-1: Security update of bci/bci-init Message-ID: <20231124080725.BA2A3F3CA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3856-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.31 Container Release : 30.31 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-security-updates at lists.suse.com Fri Nov 24 08:07:49 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:07:49 +0100 (CET) Subject: SUSE-CU-2023:3857-1: Security update of bci/nodejs Message-ID: <20231124080749.ACC28FD1F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3857-1 Container Tags : bci/node:16 , bci/node:16-18.26 , bci/nodejs:16 , bci/nodejs:16-18.26 Container Release : 18.26 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-security-updates at lists.suse.com Fri Nov 24 08:08:35 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:08:35 +0100 (CET) Subject: SUSE-CU-2023:3858-1: Security update of suse/pcp Message-ID: <20231124080835.BE6E5FD1F@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3858-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.197 , suse/pcp:5.2 , suse/pcp:5.2-17.197 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.197 Container Release : 17.197 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:bci-bci-init-15.4-15.4-30.31 updated From sle-security-updates at lists.suse.com Fri Nov 24 08:09:09 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:09:09 +0100 (CET) Subject: SUSE-CU-2023:3859-1: Security update of bci/python Message-ID: <20231124080909.1900BFD1F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3859-1 Container Tags : bci/python:3 , bci/python:3-16.28 , bci/python:3.10 , bci/python:3.10-16.28 Container Release : 16.28 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-security-updates at lists.suse.com Fri Nov 24 08:09:39 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:09:39 +0100 (CET) Subject: SUSE-CU-2023:3860-1: Security update of suse/sle15 Message-ID: <20231124080939.A4F9BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3860-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.122 , suse/sle15:15.4 , suse/sle15:15.4.27.14.122 Container Release : 27.14.122 Severity : moderate Type : security References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: 
Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated - libzypp-17.31.22-150400.3.43.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-security-updates at lists.suse.com Fri Nov 24 08:14:20 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:14:20 +0100 (CET) Subject: SUSE-CU-2023:3886-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231124081420.BB771FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3886-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.12 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.12 Container Release : 9.40.12 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). 
The following package changes have been done: - python3-libxml2-2.9.14-150400.5.25.1 updated From sle-security-updates at lists.suse.com Fri Nov 24 08:14:26 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 09:14:26 +0100 (CET) Subject: SUSE-CU-2023:3887-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231124081426.B4E7BF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3887-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.10 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.10 Container Release : 9.30.10 Severity : moderate Type : security References : 1216129 CVE-2023-45322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4537-1 Released: Thu Nov 23 09:34:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.25.1 updated From sle-security-updates at lists.suse.com Fri Nov 24 12:30:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4551-1: important: Security update for MozillaFirefox Message-ID: <170082900899.29207.18058623259982452485@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4551-1 Rating: important References: * bsc#1216338 * bsc#1217230 Cross-References: * CVE-2023-5721 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5730 * CVE-2023-5732 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 
15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230) * Fixed: Various security fixes and other quality improvements. 
MFSA 2023-46 (bsc#1216338) * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4551=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4551=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4551=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4551=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4551=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4551=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4551=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4551=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4551=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4551=1 
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4551=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4551=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-branding-upstream-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-branding-upstream-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP5 (noarch) * 
MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 
ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * 
https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5732.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 * https://bugzilla.suse.com/show_bug.cgi?id=1217230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:12 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4550-1: moderate: Security update for fdo-client Message-ID: <170082901234.29207.18297844606366016408@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4550-1 Rating: moderate References: * bsc#1216293 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4550=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150500.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:14 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4549-1: moderate: Security update for fdo-client Message-ID: <170082901454.29207.16123982836985813662@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4549-1 Rating: moderate References: * bsc#1216293 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4549=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4549=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4549=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * 
fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4548-1: moderate: Security update for fdo-client Message-ID: <170082901743.29207.8828455945690547795@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4548-1 Rating: moderate References: * bsc#1216293 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4548=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4548=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4548=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:20 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:20 -0000 Subject: SUSE-SU-2023:4547-1: moderate: Security update for fdo-client Message-ID: <170082902021.29207.6054617828561853725@smelt2.prg2.suse.org> # Security update for fdo-client Announcement ID: SUSE-SU-2023:4547-1 Rating: moderate References: * bsc#1216293 Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that has one security fix can now be installed. 
## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4547=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4547=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * fdo-client-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * fdo-client-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-devel-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150300.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150300.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:23 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:23 -0000 Subject: SUSE-SU-2023:4546-1: moderate: Security update for poppler Message-ID: <170082902356.29207.16541964261549867452@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4546-1 Rating: moderate References: * bsc#1128114 * bsc#1129202 * bsc#1143570 * bsc#1214256 * bsc#1214723 * bsc#1214726 Cross-References: * CVE-2019-14292 * CVE-2019-9545 * CVE-2019-9631 * CVE-2020-36023 * CVE-2022-37052 * CVE-2022-48545 CVSS scores: * CVE-2019-14292 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-14292 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-9631 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9631 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-48545 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114). 
* CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202). * CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDF file (bsc#1214726). * CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C:cvtGlyph (bsc#1214256). * CVE-2019-14292: Fixed an out of bounds read in GfxState.cc (bsc#1143570). * CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4546=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-debuginfo-0.24.4-14.41.1 * libpoppler44-0.24.4-14.41.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14292.html * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2019-9631.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://www.suse.com/security/cve/CVE-2022-48545.html * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1129202 * https://bugzilla.suse.com/show_bug.cgi?id=1143570 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214723 * https://bugzilla.suse.com/show_bug.cgi?id=1214726 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:26 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:26 -0000 Subject: SUSE-SU-2023:4545-1: important: Security update for squid Message-ID: <170082902628.29207.2763713371827002853@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4545-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4545=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4545=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4545=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * squid-debuginfo-4.17-4.33.1 * squid-debugsource-4.17-4.33.1 * squid-4.17-4.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * squid-debuginfo-4.17-4.33.1 * squid-debugsource-4.17-4.33.1 * squid-4.17-4.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * squid-debuginfo-4.17-4.33.1 * squid-debugsource-4.17-4.33.1 * squid-4.17-4.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Fri Nov 24 12:30:28 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 12:30:28 -0000 Subject: SUSE-SU-2023:4544-1: important: Security update for squid Message-ID: <170082902871.29207.15446109329688160006@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4544-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4544=1 openSUSE-SLE-15.4-2023-4544=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4544=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4544=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4544=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-security-updates at lists.suse.com Fri Nov 24 12:30:32 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 12:30:32 -0000
Subject: SUSE-SU-2023:4543-1: important: Security update for xerces-c
Message-ID: <170082903215.29207.10505986773760121263@smelt2.prg2.suse.org>

# Security update for xerces-c

Announcement ID: SUSE-SU-2023:4543-1
Rating: important
References:

* bsc#1216156

Cross-References:

* CVE-2023-37536

CVSS scores:

* CVE-2023-37536 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
* CVE-2023-37536 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for xerces-c fixes the following issues:

* CVE-2023-37536: Fixed an integer overflow that could have led to out-of-bounds memory accesses (bsc#1216156).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4543=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4543=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4543=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4543=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * xerces-c-debugsource-3.1.1-13.9.1
  * xerces-c-debuginfo-3.1.1-13.9.1
  * libxerces-c-devel-3.1.1-13.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * xerces-c-debugsource-3.1.1-13.9.1
  * xerces-c-debuginfo-3.1.1-13.9.1
  * libxerces-c-3_1-debuginfo-3.1.1-13.9.1
  * libxerces-c-3_1-3.1.1-13.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libxerces-c-3_1-debuginfo-32bit-3.1.1-13.9.1
  * libxerces-c-3_1-32bit-3.1.1-13.9.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * xerces-c-debugsource-3.1.1-13.9.1
  * xerces-c-debuginfo-3.1.1-13.9.1
  * libxerces-c-3_1-debuginfo-3.1.1-13.9.1
  * libxerces-c-3_1-3.1.1-13.9.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libxerces-c-3_1-debuginfo-32bit-3.1.1-13.9.1
  * libxerces-c-3_1-32bit-3.1.1-13.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * xerces-c-debugsource-3.1.1-13.9.1
  * xerces-c-debuginfo-3.1.1-13.9.1
  * libxerces-c-3_1-debuginfo-3.1.1-13.9.1
  * libxerces-c-3_1-3.1.1-13.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libxerces-c-3_1-debuginfo-32bit-3.1.1-13.9.1
  * libxerces-c-3_1-32bit-3.1.1-13.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-37536.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216156

From sle-security-updates at lists.suse.com Fri Nov 24 15:55:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 16:55:59 +0100 (CET)
Subject: SUSE-CU-2023:3891-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20231124155559.CFDCDFBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3891-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.261 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.261
Severity : moderate
Type : security
References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released: Thu Nov 23 08:13:57 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.25.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- zypper-1.14.66-150400.3.35.1 updated
- container:sles15-image-15.0.0-27.14.122 updated

From sle-security-updates at lists.suse.com Fri Nov 24 15:56:26 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 16:56:26 +0100 (CET)
Subject: SUSE-CU-2023:3892-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20231124155626.A8431FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3892-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.158 , suse/sle-micro/5.4/toolbox:latest
Container Release : 4.2.158
Severity : moderate
Type : security
References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released: Thu Nov 23 08:13:57 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.25.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- zypper-1.14.66-150400.3.35.1 updated
- container:sles15-image-15.0.0-27.14.122 updated

From sle-security-updates at lists.suse.com Fri Nov 24 15:57:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 16:57:05 +0100 (CET)
Subject: SUSE-CU-2023:3893-1: Security update of suse/postgres
Message-ID: <20231124155705.AD4D0FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3893-1
Container Tags : suse/postgres:14 , suse/postgres:14-24.16 , suse/postgres:14.10 , suse/postgres:14.10-24.16
Container Release : 24.16
Severity : moderate
Type : security
References : 1216129 CVE-2023-45322
-----------------------------------------------------------------

The container suse/postgres was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.25.1 updated
- container:sles15-image-15.0.0-27.14.122 updated

From sle-security-updates at lists.suse.com Fri Nov 24 15:57:44 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 16:57:44 +0100 (CET)
Subject: SUSE-CU-2023:3897-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20231124155744.07704FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3897-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.13 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.13
Container Release : 9.30.13
Severity : moderate
Type : security
References : 1041742 1203760 1212422 1215979 1216091 1216129 CVE-2023-45322
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released: Thu Nov 23 08:13:57 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.25.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- zypper-1.14.66-150400.3.35.1 updated

From sle-security-updates at lists.suse.com Fri Nov 24 15:57:52 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 16:57:52 +0100 (CET)
Subject: SUSE-CU-2023:3898-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20231124155752.402F3FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3898-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.10 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.10
Container Release : 9.39.10
Severity : moderate
Type : security
References : 1216129 CVE-2023-45322
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-squid was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.25.1 updated

From sle-security-updates at lists.suse.com Fri Nov 24 15:57:58 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 16:57:58 +0100 (CET)
Subject: SUSE-CU-2023:3899-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20231124155758.867F6FBA9@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3899-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.11 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.11
Container Release : 9.30.11
Severity : moderate
Type : security
References : 1216129 CVE-2023-45322
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.25.1 updated

From sle-security-updates at lists.suse.com Fri Nov 24 20:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 20:30:06 -0000
Subject: SUSE-SU-2023:4566-1: important: Security update for slurm_23_02
Message-ID: <170085780677.5769.15404285424521729568@smelt2.prg2.suse.org>

# Security update for slurm_23_02

Announcement ID: SUSE-SU-2023:4566-1
Rating: important
References:

* bsc#1216207
* bsc#1216869

Cross-References:

* CVE-2023-41914

CVSS scores:

* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* HPC Module 15-SP4
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm_23_02 fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207).

Bug fixes:

* Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-4566=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4566=1
* HPC Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4566=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4566=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4566=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-rest-23.02.6-150300.7.14.1
  * slurm_23_02-cray-23.02.6-150300.7.14.1
  * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1
  * slurm_23_02-debugsource-23.02.6-150300.7.14.1
  * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-hdf5-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-23.02.6-150300.7.14.1
  * slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-devel-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-lua-23.02.6-150300.7.14.1
  * slurm_23_02-torque-23.02.6-150300.7.14.1
  * slurm_23_02-testsuite-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1
  * libslurm39-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-23.02.6-150300.7.14.1
  * slurm_23_02-sview-23.02.6-150300.7.14.1
  * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-23.02.6-150300.7.14.1
  * libslurm39-23.02.6-150300.7.14.1
  * libpmi0_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-hdf5-23.02.6-150300.7.14.1
  * slurm_23_02-node-23.02.6-150300.7.14.1
  * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1
  * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1
* openSUSE Leap 15.3 (noarch)
  * slurm_23_02-config-23.02.6-150300.7.14.1
  * slurm_23_02-doc-23.02.6-150300.7.14.1
  * slurm_23_02-openlava-23.02.6-150300.7.14.1
  * slurm_23_02-sjstat-23.02.6-150300.7.14.1
  * slurm_23_02-seff-23.02.6-150300.7.14.1
  * slurm_23_02-webdoc-23.02.6-150300.7.14.1
  * slurm_23_02-config-man-23.02.6-150300.7.14.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-rest-23.02.6-150300.7.14.1
  * slurm_23_02-cray-23.02.6-150300.7.14.1
  * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1
  * slurm_23_02-debugsource-23.02.6-150300.7.14.1
  * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-23.02.6-150300.7.14.1
  * slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-devel-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-lua-23.02.6-150300.7.14.1
  * slurm_23_02-torque-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1
  * libslurm39-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-23.02.6-150300.7.14.1
  * slurm_23_02-sview-23.02.6-150300.7.14.1
  * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-23.02.6-150300.7.14.1
  * libslurm39-23.02.6-150300.7.14.1
  * libpmi0_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1
  * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-23.02.6-150300.7.14.1
* openSUSE Leap 15.4 (noarch)
  * slurm_23_02-config-23.02.6-150300.7.14.1
  * slurm_23_02-webdoc-23.02.6-150300.7.14.1
  * slurm_23_02-doc-23.02.6-150300.7.14.1
  * slurm_23_02-config-man-23.02.6-150300.7.14.1
* HPC Module 15-SP4 (aarch64 x86_64)
  * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-rest-23.02.6-150300.7.14.1
  * slurm_23_02-cray-23.02.6-150300.7.14.1
  * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1
  * slurm_23_02-debugsource-23.02.6-150300.7.14.1
  * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-23.02.6-150300.7.14.1
  * slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-devel-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-lua-23.02.6-150300.7.14.1
  * slurm_23_02-torque-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1
  * libslurm39-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-23.02.6-150300.7.14.1
  * slurm_23_02-sview-23.02.6-150300.7.14.1
  * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-23.02.6-150300.7.14.1
  * libslurm39-23.02.6-150300.7.14.1
  * libpmi0_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1
  * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-23.02.6-150300.7.14.1
* HPC Module 15-SP4 (noarch)
  * slurm_23_02-config-23.02.6-150300.7.14.1
  * slurm_23_02-webdoc-23.02.6-150300.7.14.1
  * slurm_23_02-doc-23.02.6-150300.7.14.1
  * slurm_23_02-config-man-23.02.6-150300.7.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-rest-23.02.6-150300.7.14.1
  * slurm_23_02-cray-23.02.6-150300.7.14.1
  * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1
  * slurm_23_02-debugsource-23.02.6-150300.7.14.1
  * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-23.02.6-150300.7.14.1
  * slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-devel-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-lua-23.02.6-150300.7.14.1
  * slurm_23_02-torque-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1
  * libslurm39-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-23.02.6-150300.7.14.1
  * slurm_23_02-sview-23.02.6-150300.7.14.1
  * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-23.02.6-150300.7.14.1
  * libslurm39-23.02.6-150300.7.14.1
  * libpmi0_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1
  * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-23.02.6-150300.7.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * slurm_23_02-config-23.02.6-150300.7.14.1
  * slurm_23_02-webdoc-23.02.6-150300.7.14.1
  * slurm_23_02-doc-23.02.6-150300.7.14.1
  * slurm_23_02-config-man-23.02.6-150300.7.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-rest-23.02.6-150300.7.14.1
  * slurm_23_02-cray-23.02.6-150300.7.14.1
  * slurm_23_02-torque-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150300.7.14.1
  * slurm_23_02-debugsource-23.02.6-150300.7.14.1
  * slurm_23_02-rest-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-cray-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-23.02.6-150300.7.14.1
  * slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-devel-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-23.02.6-150300.7.14.1
  * libnss_slurm2_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-auth-none-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-lua-23.02.6-150300.7.14.1
  * slurm_23_02-torque-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-debuginfo-23.02.6-150300.7.14.1
  * perl-slurm_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-pam_slurm-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-debuginfo-23.02.6-150300.7.14.1
  * libslurm39-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-lua-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-munge-23.02.6-150300.7.14.1
  * slurm_23_02-sview-23.02.6-150300.7.14.1
  * slurm_23_02-sview-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-23.02.6-150300.7.14.1
  * libslurm39-23.02.6-150300.7.14.1
  * libpmi0_23_02-23.02.6-150300.7.14.1
  * slurm_23_02-sql-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-slurmdbd-23.02.6-150300.7.14.1
  * libpmi0_23_02-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-plugins-debuginfo-23.02.6-150300.7.14.1
  * slurm_23_02-node-23.02.6-150300.7.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * slurm_23_02-config-23.02.6-150300.7.14.1
  * slurm_23_02-webdoc-23.02.6-150300.7.14.1
  * slurm_23_02-doc-23.02.6-150300.7.14.1
  * slurm_23_02-config-man-23.02.6-150300.7.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216207
* https://bugzilla.suse.com/show_bug.cgi?id=1216869

From sle-security-updates at lists.suse.com Fri Nov 24 20:30:10 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 20:30:10 -0000
Subject: SUSE-SU-2023:4565-1: important: Security update for slurm_23_02
Message-ID: <170085781070.5769.16491108988322346647@smelt2.prg2.suse.org>

# Security update for slurm_23_02

Announcement ID: SUSE-SU-2023:4565-1
Rating: important
References:

* bsc#1216207
* bsc#1216869

Cross-References:

* CVE-2023-41914

CVSS scores:

* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm_23_02 fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207).

Bug fixes:

* Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4565=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * slurm_23_02-torque-23.02.6-150200.5.14.1
  * slurm_23_02-slurmdbd-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-auth-none-23.02.6-150200.5.14.1
  * perl-slurm_23_02-23.02.6-150200.5.14.1
  * libpmi0_23_02-23.02.6-150200.5.14.1
  * slurm_23_02-torque-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-cray-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-lua-23.02.6-150200.5.14.1
  * libnss_slurm2_23_02-23.02.6-150200.5.14.1
  * slurm_23_02-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150200.5.14.1
  * slurm_23_02-lua-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-rest-debuginfo-23.02.6-150200.5.14.1
  * perl-slurm_23_02-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-plugins-23.02.6-150200.5.14.1
  * slurm_23_02-sview-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-devel-23.02.6-150200.5.14.1
  * slurm_23_02-rest-23.02.6-150200.5.14.1
  * libslurm39-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-pam_slurm-23.02.6-150200.5.14.1
  * slurm_23_02-debugsource-23.02.6-150200.5.14.1
  * slurm_23_02-plugins-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-sview-23.02.6-150200.5.14.1
  * slurm_23_02-node-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-23.02.6-150200.5.14.1
  * slurm_23_02-sql-23.02.6-150200.5.14.1
  * slurm_23_02-node-23.02.6-150200.5.14.1
  * slurm_23_02-cray-23.02.6-150200.5.14.1
  * slurm_23_02-munge-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-pam_slurm-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-sql-debuginfo-23.02.6-150200.5.14.1
  * libnss_slurm2_23_02-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-auth-none-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-munge-23.02.6-150200.5.14.1
  * libslurm39-23.02.6-150200.5.14.1
  * libpmi0_23_02-debuginfo-23.02.6-150200.5.14.1
  * slurm_23_02-slurmdbd-23.02.6-150200.5.14.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * slurm_23_02-webdoc-23.02.6-150200.5.14.1
  * slurm_23_02-config-23.02.6-150200.5.14.1
  * slurm_23_02-doc-23.02.6-150200.5.14.1
  * slurm_23_02-config-man-23.02.6-150200.5.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216207
* https://bugzilla.suse.com/show_bug.cgi?id=1216869

From sle-security-updates at lists.suse.com Fri Nov 24 20:30:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Nov 2023 20:30:12 -0000
Subject: SUSE-SU-2023:4564-1: important: Security update for slurm_23_02
Message-ID: <170085781298.5769.363920123404718427@smelt2.prg2.suse.org>

# Security update for slurm_23_02

Announcement ID: SUSE-SU-2023:4564-1
Rating: important
References:

* bsc#1216207
* bsc#1216869

Cross-References:

* CVE-2023-41914

CVSS scores:

* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm_23_02 fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207).

Bug fixes:

* Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869).

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4564=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libpmi0_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-rest-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-slurmdbd-23.02.6-150100.3.14.1 * libnss_slurm2_23_02-23.02.6-150100.3.14.1 * perl-slurm_23_02-23.02.6-150100.3.14.1 * slurm_23_02-sql-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-torque-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-cray-23.02.6-150100.3.14.1 * slurm_23_02-munge-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-slurmdbd-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-auth-none-23.02.6-150100.3.14.1 * slurm_23_02-devel-23.02.6-150100.3.14.1 * libpmi0_23_02-23.02.6-150100.3.14.1 * slurm_23_02-munge-23.02.6-150100.3.14.1 * slurm_23_02-debugsource-23.02.6-150100.3.14.1 * slurm_23_02-node-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-plugins-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-pam_slurm-23.02.6-150100.3.14.1 * slurm_23_02-sview-23.02.6-150100.3.14.1 * slurm_23_02-sql-23.02.6-150100.3.14.1 * slurm_23_02-node-23.02.6-150100.3.14.1 * slurm_23_02-torque-23.02.6-150100.3.14.1 * slurm_23_02-sview-debuginfo-23.02.6-150100.3.14.1 * libslurm39-23.02.6-150100.3.14.1 * libnss_slurm2_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-lua-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-lua-23.02.6-150100.3.14.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-150100.3.14.1 * slurm_23_02-23.02.6-150100.3.14.1 * libslurm39-debuginfo-23.02.6-150100.3.14.1 * 
slurm_23_02-auth-none-debuginfo-23.02.6-150100.3.14.1 * perl-slurm_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-plugins-23.02.6-150100.3.14.1 * slurm_23_02-rest-23.02.6-150100.3.14.1 * slurm_23_02-debuginfo-23.02.6-150100.3.14.1 * slurm_23_02-cray-debuginfo-23.02.6-150100.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * slurm_23_02-config-23.02.6-150100.3.14.1 * slurm_23_02-config-man-23.02.6-150100.3.14.1 * slurm_23_02-webdoc-23.02.6-150100.3.14.1 * slurm_23_02-doc-23.02.6-150100.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:15 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:15 -0000 Subject: SUSE-SU-2023:4563-1: important: Security update for slurm_23_02 Message-ID: <170085781513.5769.4827306550089404288@smelt2.prg2.suse.org> # Security update for slurm_23_02 Announcement ID: SUSE-SU-2023:4563-1 Rating: important References: * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 *
SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm_23_02 fixes the following issues: * CVE-2023-41914: Fixed filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4563=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * slurm_23_02-munge-23.02.6-3.13.1 * slurm_23_02-auth-none-23.02.6-3.13.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.6-3.13.1 * slurm_23_02-lua-23.02.6-3.13.1 * slurm_23_02-munge-debuginfo-23.02.6-3.13.1 * slurm_23_02-plugins-23.02.6-3.13.1 * slurm_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-pam_slurm-debuginfo-23.02.6-3.13.1 * slurm_23_02-sql-23.02.6-3.13.1 * slurm_23_02-debugsource-23.02.6-3.13.1 * slurm_23_02-torque-debuginfo-23.02.6-3.13.1 * slurm_23_02-slurmdbd-23.02.6-3.13.1 * slurm_23_02-plugins-debuginfo-23.02.6-3.13.1 * slurm_23_02-auth-none-debuginfo-23.02.6-3.13.1 * libpmi0_23_02-23.02.6-3.13.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.6-3.13.1 * libnss_slurm2_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-devel-23.02.6-3.13.1 * slurm_23_02-node-23.02.6-3.13.1 * slurm_23_02-cray-23.02.6-3.13.1 * slurm_23_02-pam_slurm-23.02.6-3.13.1 * perl-slurm_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-sql-debuginfo-23.02.6-3.13.1 * libslurm39-debuginfo-23.02.6-3.13.1 * slurm_23_02-23.02.6-3.13.1 *
slurm_23_02-slurmdbd-debuginfo-23.02.6-3.13.1 * perl-slurm_23_02-23.02.6-3.13.1 * slurm_23_02-sview-23.02.6-3.13.1 * slurm_23_02-sview-debuginfo-23.02.6-3.13.1 * libnss_slurm2_23_02-23.02.6-3.13.1 * slurm_23_02-torque-23.02.6-3.13.1 * libslurm39-23.02.6-3.13.1 * slurm_23_02-lua-debuginfo-23.02.6-3.13.1 * slurm_23_02-cray-debuginfo-23.02.6-3.13.1 * libpmi0_23_02-debuginfo-23.02.6-3.13.1 * slurm_23_02-node-debuginfo-23.02.6-3.13.1 * HPC Module 12 (noarch) * slurm_23_02-webdoc-23.02.6-3.13.1 * slurm_23_02-config-man-23.02.6-3.13.1 * slurm_23_02-config-23.02.6-3.13.1 * slurm_23_02-doc-23.02.6-3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:17 -0000 Subject: SUSE-SU-2023:4562-1: moderate: Security update for poppler Message-ID: <170085781743.5769.14687090474606941910@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4562-1 Rating: moderate References: * bsc#1128114 * bsc#1214256 * bsc#1214726 Cross-References: * CVE-2019-9545 * CVE-2020-36023 * CVE-2022-37052 CVSS scores: * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance
Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). * CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C:cvtGlyph (bsc#1214256). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4562=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4562=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4562=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4562=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4562=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4562=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * SUSE Manager Proxy 4.2 (x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * SUSE Manager Server 4.2 (ppc64le
s390x x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * openSUSE Leap 15.4 (x86_64) * libpoppler89-32bit-0.79.0-150200.3.26.1 * libpoppler89-32bit-debuginfo-0.79.0-150200.3.26.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214726
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:20 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:20 -0000 Subject: SUSE-SU-2023:4561-1: important: Security update for webkit2gtk3 Message-ID: <170085782024.5769.3862537550910512923@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4561-1 Rating: important References: * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise
Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user's password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4561=1 openSUSE-SLE-15.4-2023-4561=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4561=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4561=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4561=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4561=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4561=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4561=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4561=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-devel-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-6.0-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-6.0-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * webkit-jsc-4.1-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * 
libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-4-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-2.42.2-150400.4.64.2 * typelib-1_0-WebKit-6_0-2.42.2-150400.4.64.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * webkit-jsc-4.1-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-4-debuginfo-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.2-150400.4.64.2 * 
libwebkit2gtk-4_0-37-64bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-devel-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-6.0-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-6.0-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * webkit-jsc-4.1-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit-jsc-4-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * 
webkit2gtk4-minibrowser-2.42.2-150400.4.64.2 * typelib-1_0-WebKit-6_0-2.42.2-150400.4.64.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * webkit-jsc-4.1-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-4-debuginfo-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.2-150400.4.64.2 * Basesystem Module 15-SP4 (noarch) * 
WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * Basesystem Module 15-SP5 (noarch) * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP4 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * 
webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP5 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * Development Tools Module 15-SP4 (noarch) * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * Development Tools Module 15-SP5 (noarch) * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * 
https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1217210
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:23 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:23 -0000 Subject: SUSE-SU-2023:4560-1: important: Security update for vim Message-ID: <170085782377.5769.4699374743753725126@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:4560-1 Rating: important References: * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed.
## Description: This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4560=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4560=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4560=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vim-debugsource-9.0.2103-17.26.1 * vim-debuginfo-9.0.2103-17.26.1 * vim-9.0.2103-17.26.1 * gvim-debuginfo-9.0.2103-17.26.1 * gvim-9.0.2103-17.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vim-data-9.0.2103-17.26.1 * vim-data-common-9.0.2103-17.26.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-17.26.1 * vim-debuginfo-9.0.2103-17.26.1 * vim-9.0.2103-17.26.1 * gvim-debuginfo-9.0.2103-17.26.1 * gvim-9.0.2103-17.26.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vim-data-9.0.2103-17.26.1 * vim-data-common-9.0.2103-17.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vim-debugsource-9.0.2103-17.26.1 * vim-debuginfo-9.0.2103-17.26.1 * vim-9.0.2103-17.26.1 * gvim-debuginfo-9.0.2103-17.26.1 * gvim-9.0.2103-17.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vim-data-9.0.2103-17.26.1 * vim-data-common-9.0.2103-17.26.1 ## References: * 
https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:25 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:25 -0000 Subject: SUSE-SU-2023:4559-1: important: Security update for webkit2gtk3 Message-ID: <170085782596.5769.10398406377608592258@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4559-1 Rating: important References: * bsc#1216778 * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux
Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user's password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). Bug fixes: * Disable DMABuf renderer for NVIDIA proprietary drivers (bsc#1216778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4559=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4559=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4559=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * 
libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 * SUSE CaaS Platform 4.0 (x86_64) * libjavascriptcoregtk-4_0-18-2.42.2-150000.3.157.1 * webkit2gtk3-debugsource-2.42.2-150000.3.157.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-2.42.2-150000.3.157.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150000.3.157.1 * webkit2gtk3-devel-2.42.2-150000.3.157.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150000.3.157.1 * typelib-1_0-WebKit2-4_0-2.42.2-150000.3.157.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150000.3.157.1 * SUSE CaaS Platform 4.0 (noarch) * libwebkit2gtk3-lang-2.42.2-150000.3.157.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1216778 * https://bugzilla.suse.com/show_bug.cgi?id=1217210
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:28 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:28 -0000 Subject: SUSE-SU-2023:4558-1: important: Security update for webkit2gtk3 Message-ID: <170085782818.5769.5896158914012580656@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4558-1 Rating: important References: * bsc#1216778 * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise
Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A user's password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). Bug fixes: * Disable DMABuf renderer for NVIDIA proprietary drivers (bsc#1216778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4558=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4558=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4558=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4558=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4558=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4558=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4558=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4558=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * 
libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 
15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * 
webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libwebkit2gtk-4_0-37-2.42.2-150200.91.1 * webkit2gtk3-debugsource-2.42.2-150200.91.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150200.91.1 * libjavascriptcoregtk-4_0-18-2.42.2-150200.91.1 * webkit2gtk3-devel-2.42.2-150200.91.1 * typelib-1_0-WebKit2-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-2.42.2-150200.91.1 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150200.91.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150200.91.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150200.91.1 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.42.2-150200.91.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1216778 * https://bugzilla.suse.com/show_bug.cgi?id=1217210
From sle-security-updates at lists.suse.com Fri Nov 24 20:30:31 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Nov 2023 20:30:31 -0000 Subject: SUSE-SU-2023:4557-1: important: Security update for vim Message-ID: <170085783147.5769.3258644348962975029@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:4557-1 Rating: important References: * bsc#1214922 * bsc#1214924 * bsc#1214925 * bsc#1215004 * bsc#1215006 * bsc#1215033 * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-4733 * CVE-2023-4734 * CVE-2023-4735 * CVE-2023-4738 * CVE-2023-4752 * CVE-2023-4781 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4733 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-4735 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( NVD ): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-4738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities can now be installed. 
## Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 2103, fixes the following security problems * CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696) * CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922) * CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924) * CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925) * CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004) * CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006) * CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4557=1 openSUSE-SLE-15.5-2023-4557=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4557=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4557=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4557=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * vim-9.0.2103-150500.20.6.1 * gvim-debuginfo-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * gvim-9.0.2103-150500.20.6.1 * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * openSUSE Leap 15.5 (noarch) * vim-data-9.0.2103-150500.20.6.1 * vim-data-common-9.0.2103-150500.20.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * vim-data-common-9.0.2103-150500.20.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * Basesystem Module 15-SP5 (noarch) * vim-data-9.0.2103-150500.20.6.1 * vim-data-common-9.0.2103-150500.20.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-150500.20.6.1 * gvim-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * gvim-9.0.2103-150500.20.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-4733.html * https://www.suse.com/security/cve/CVE-2023-4734.html * https://www.suse.com/security/cve/CVE-2023-4735.html * 
https://www.suse.com/security/cve/CVE-2023-4738.html * https://www.suse.com/security/cve/CVE-2023-4752.html * https://www.suse.com/security/cve/CVE-2023-4781.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1214922 * https://bugzilla.suse.com/show_bug.cgi?id=1214924 * https://bugzilla.suse.com/show_bug.cgi?id=1214925 * https://bugzilla.suse.com/show_bug.cgi?id=1215004 * https://bugzilla.suse.com/show_bug.cgi?id=1215006 * https://bugzilla.suse.com/show_bug.cgi?id=1215033 * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696
From sle-security-updates at lists.suse.com Mon Nov 27 12:30:15 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:15 -0000 Subject: SUSE-SU-2023:4582-1: important: Security update for slurm_22_05 Message-ID: <170108821532.634.14232481686123414581@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4582-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE
Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4582=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * slurm_22_05-lua-debuginfo-22.05.10-3.6.1 * slurm_22_05-debugsource-22.05.10-3.6.1 * slurm_22_05-sql-debuginfo-22.05.10-3.6.1 * libslurm38-22.05.10-3.6.1 * slurm_22_05-node-debuginfo-22.05.10-3.6.1 * perl-slurm_22_05-debuginfo-22.05.10-3.6.1 * libpmi0_22_05-debuginfo-22.05.10-3.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-3.6.1 * slurm_22_05-22.05.10-3.6.1 * libslurm38-debuginfo-22.05.10-3.6.1 * slurm_22_05-sview-debuginfo-22.05.10-3.6.1 * slurm_22_05-torque-22.05.10-3.6.1 * slurm_22_05-munge-debuginfo-22.05.10-3.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-3.6.1 * slurm_22_05-torque-debuginfo-22.05.10-3.6.1 * slurm_22_05-auth-none-22.05.10-3.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-3.6.1 * slurm_22_05-slurmdbd-22.05.10-3.6.1 * slurm_22_05-node-22.05.10-3.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-3.6.1 * slurm_22_05-debuginfo-22.05.10-3.6.1 * libpmi0_22_05-22.05.10-3.6.1 * slurm_22_05-sview-22.05.10-3.6.1 * perl-slurm_22_05-22.05.10-3.6.1 * slurm_22_05-munge-22.05.10-3.6.1 * slurm_22_05-lua-22.05.10-3.6.1 * libnss_slurm2_22_05-22.05.10-3.6.1 * slurm_22_05-devel-22.05.10-3.6.1 * slurm_22_05-pam_slurm-22.05.10-3.6.1 * slurm_22_05-sql-22.05.10-3.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-3.6.1 * slurm_22_05-plugins-22.05.10-3.6.1 * HPC Module 12 (noarch) * slurm_22_05-doc-22.05.10-3.6.1 * slurm_22_05-webdoc-22.05.10-3.6.1 * slurm_22_05-config-22.05.10-3.6.1 * slurm_22_05-config-man-22.05.10-3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869
From sle-security-updates at lists.suse.com Mon Nov 27 12:30:18 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:18 -0000 Subject: SUSE-SU-2023:4581-1: important: Security update for slurm_22_05 Message-ID: <170108821854.634.5846566020364917363@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4581-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4581=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * perl-slurm_22_05-22.05.10-150100.3.6.1 * libslurm38-22.05.10-150100.3.6.1 * slurm_22_05-slurmdbd-22.05.10-150100.3.6.1 * slurm_22_05-lua-22.05.10-150100.3.6.1 * slurm_22_05-sview-22.05.10-150100.3.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-22.05.10-150100.3.6.1 * libnss_slurm2_22_05-22.05.10-150100.3.6.1 * libslurm38-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-devel-22.05.10-150100.3.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-plugins-22.05.10-150100.3.6.1 * slurm_22_05-munge-22.05.10-150100.3.6.1 * slurm_22_05-rest-22.05.10-150100.3.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-pam_slurm-22.05.10-150100.3.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-debugsource-22.05.10-150100.3.6.1 * slurm_22_05-torque-22.05.10-150100.3.6.1 * libpmi0_22_05-debuginfo-22.05.10-150100.3.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150100.3.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-node-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-sql-22.05.10-150100.3.6.1 * slurm_22_05-debuginfo-22.05.10-150100.3.6.1 * libpmi0_22_05-22.05.10-150100.3.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150100.3.6.1 * slurm_22_05-node-22.05.10-150100.3.6.1 * slurm_22_05-auth-none-22.05.10-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * slurm_22_05-doc-22.05.10-150100.3.6.1 * 
slurm_22_05-webdoc-22.05.10-150100.3.6.1 * slurm_22_05-config-man-22.05.10-150100.3.6.1 * slurm_22_05-config-22.05.10-150100.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869
From sle-security-updates at lists.suse.com Mon Nov 27 12:30:21 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:21 -0000 Subject: SUSE-SU-2023:4580-1: important: Security update for slurm_22_05 Message-ID: <170108822184.634.8677740386722820743@smelt2.prg2.suse.org> # Security update for slurm_22_05 Announcement ID: SUSE-SU-2023:4580-1 Rating: important References: * bsc#1208810 * bsc#1216207 * bsc#1216869 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for slurm_22_05 fixes the following issues: * CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207). Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4580=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * perl-slurm_22_05-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-debugsource-22.05.10-150200.5.6.1 * slurm_22_05-pam_slurm-22.05.10-150200.5.6.1 * slurm_22_05-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-node-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-node-22.05.10-150200.5.6.1 * slurm_22_05-22.05.10-150200.5.6.1 * slurm_22_05-lua-22.05.10-150200.5.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-rest-22.05.10-150200.5.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-sql-22.05.10-150200.5.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-slurmdbd-22.05.10-150200.5.6.1 * slurm_22_05-munge-22.05.10-150200.5.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150200.5.6.1 * libpmi0_22_05-22.05.10-150200.5.6.1 * libpmi0_22_05-debuginfo-22.05.10-150200.5.6.1 * libslurm38-22.05.10-150200.5.6.1 * slurm_22_05-auth-none-22.05.10-150200.5.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-torque-22.05.10-150200.5.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-devel-22.05.10-150200.5.6.1 * libslurm38-debuginfo-22.05.10-150200.5.6.1 * libnss_slurm2_22_05-22.05.10-150200.5.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-plugins-22.05.10-150200.5.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150200.5.6.1 * slurm_22_05-sview-22.05.10-150200.5.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150200.5.6.1 * 
perl-slurm_22_05-22.05.10-150200.5.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * slurm_22_05-doc-22.05.10-150200.5.6.1
  * slurm_22_05-config-22.05.10-150200.5.6.1
  * slurm_22_05-webdoc-22.05.10-150200.5.6.1
  * slurm_22_05-config-man-22.05.10-150200.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207
* https://bugzilla.suse.com/show_bug.cgi?id=1216869

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:25 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:25 -0000
Subject: SUSE-SU-2023:4579-1: important: Security update for slurm_22_05
Message-ID: <170108822572.634.10281560886931953752@smelt2.prg2.suse.org>

# Security update for slurm_22_05

Announcement ID: SUSE-SU-2023:4579-1
Rating: important
References:

* bsc#1208810
* bsc#1216207
* bsc#1216869

Cross-References:

* CVE-2023-41914

CVSS scores:

* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* HPC Module 15-SP4
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for slurm_22_05 fixes the following issues:

* CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207).
Bug fixes: * Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869). * Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4579=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4579=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4579=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4579=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4579=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4579=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-openlava-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * slurm_22_05-sjstat-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-seff-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * 
slurm_22_05-testsuite-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * openSUSE Leap 15.3 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-openlava-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * slurm_22_05-sjstat-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * 
perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-seff-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-testsuite-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * openSUSE Leap 15.4 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-openlava-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * 
slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * slurm_22_05-sjstat-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-seff-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-testsuite-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-22.05.10-150300.7.6.1 * slurm_22_05-hdf5-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * openSUSE Leap 15.5 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * HPC Module 15-SP4 (aarch64 x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-22.05.10-150300.7.6.1 * 
libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-cray-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * HPC Module 15-SP4 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * 
libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libslurm38-22.05.10-150300.7.6.1 * slurm_22_05-sql-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-node-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-22.05.10-150300.7.6.1 * libslurm38-debuginfo-22.05.10-150300.7.6.1 * 
slurm_22_05-rest-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-lua-22.05.10-150300.7.6.1 * perl-slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-22.05.10-150300.7.6.1 * perl-slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-plugins-22.05.10-150300.7.6.1 * slurm_22_05-slurmdbd-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-22.05.10-150300.7.6.1 * slurm_22_05-rest-22.05.10-150300.7.6.1 * slurm_22_05-munge-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-pam_slurm-22.05.10-150300.7.6.1 * libpmi0_22_05-debuginfo-22.05.10-150300.7.6.1 * libpmi0_22_05-22.05.10-150300.7.6.1 * slurm_22_05-22.05.10-150300.7.6.1 * slurm_22_05-plugins-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sql-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-auth-none-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-devel-22.05.10-150300.7.6.1 * slurm_22_05-debugsource-22.05.10-150300.7.6.1 * slurm_22_05-lua-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-sview-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-torque-debuginfo-22.05.10-150300.7.6.1 * libnss_slurm2_22_05-debuginfo-22.05.10-150300.7.6.1 * slurm_22_05-munge-22.05.10-150300.7.6.1 * slurm_22_05-node-22.05.10-150300.7.6.1 * slurm_22_05-torque-22.05.10-150300.7.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_22_05-doc-22.05.10-150300.7.6.1 * slurm_22_05-webdoc-22.05.10-150300.7.6.1 * slurm_22_05-config-22.05.10-150300.7.6.1 * slurm_22_05-config-man-22.05.10-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207 * https://bugzilla.suse.com/show_bug.cgi?id=1216869 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-security-updates at lists.suse.com Mon Nov 27 12:30:29 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:29 -0000
Subject: SUSE-SU-2023:4578-1: important: Security update for slurm
Message-ID: <170108822992.634.13735821790095534324@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4578-1
Rating: important
References:

* bsc#1216207
* bsc#1216869

Cross-References:

* CVE-2023-41914

CVSS scores:

* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-41914 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* HPC Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207).

Bug fixes:

* Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4578=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4578=1 openSUSE-SLE-15.5-2023-4578=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4578=1 ## Package List: * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * slurm-munge-debuginfo-23.02.6-150500.5.12.1 * slurm-torque-23.02.6-150500.5.12.1 * slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-debuginfo-23.02.6-150500.5.12.1 * slurm-slurmdbd-debuginfo-23.02.6-150500.5.12.1 * libnss_slurm2-23.02.6-150500.5.12.1 * slurm-torque-debuginfo-23.02.6-150500.5.12.1 * libpmi0-23.02.6-150500.5.12.1 * slurm-plugins-debuginfo-23.02.6-150500.5.12.1 * slurm-23.02.6-150500.5.12.1 * slurm-auth-none-debuginfo-23.02.6-150500.5.12.1 * slurm-devel-23.02.6-150500.5.12.1 * slurm-sql-23.02.6-150500.5.12.1 * slurm-rest-23.02.6-150500.5.12.1 * perl-slurm-23.02.6-150500.5.12.1 * slurm-node-23.02.6-150500.5.12.1 * slurm-hdf5-23.02.6-150500.5.12.1 * slurm-pam_slurm-23.02.6-150500.5.12.1 * slurm-cray-23.02.6-150500.5.12.1 * slurm-node-debuginfo-23.02.6-150500.5.12.1 * slurm-sql-debuginfo-23.02.6-150500.5.12.1 * slurm-munge-23.02.6-150500.5.12.1 * slurm-auth-none-23.02.6-150500.5.12.1 * libnss_slurm2-debuginfo-23.02.6-150500.5.12.1 * slurm-cray-debuginfo-23.02.6-150500.5.12.1 * slurm-debugsource-23.02.6-150500.5.12.1 * slurm-plugins-23.02.6-150500.5.12.1 * slurm-slurmdbd-23.02.6-150500.5.12.1 * slurm-lua-debuginfo-23.02.6-150500.5.12.1 * perl-slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-lua-23.02.6-150500.5.12.1 * slurm-rest-debuginfo-23.02.6-150500.5.12.1 * libpmi0-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-23.02.6-150500.5.12.1 * slurm-hdf5-debuginfo-23.02.6-150500.5.12.1 * slurm-pam_slurm-debuginfo-23.02.6-150500.5.12.1 * SUSE Package Hub 15 15-SP5 (noarch) * slurm-doc-23.02.6-150500.5.12.1 * slurm-webdoc-23.02.6-150500.5.12.1 * 
slurm-config-man-23.02.6-150500.5.12.1 * slurm-seff-23.02.6-150500.5.12.1 * slurm-openlava-23.02.6-150500.5.12.1 * slurm-config-23.02.6-150500.5.12.1 * slurm-sjstat-23.02.6-150500.5.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm-munge-debuginfo-23.02.6-150500.5.12.1 * slurm-testsuite-23.02.6-150500.5.12.1 * libslurm39-debuginfo-23.02.6-150500.5.12.1 * slurm-torque-23.02.6-150500.5.12.1 * slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-debuginfo-23.02.6-150500.5.12.1 * slurm-slurmdbd-debuginfo-23.02.6-150500.5.12.1 * libslurm39-23.02.6-150500.5.12.1 * libnss_slurm2-23.02.6-150500.5.12.1 * slurm-torque-debuginfo-23.02.6-150500.5.12.1 * libpmi0-23.02.6-150500.5.12.1 * slurm-plugins-debuginfo-23.02.6-150500.5.12.1 * slurm-23.02.6-150500.5.12.1 * slurm-auth-none-debuginfo-23.02.6-150500.5.12.1 * slurm-devel-23.02.6-150500.5.12.1 * slurm-sql-23.02.6-150500.5.12.1 * slurm-rest-23.02.6-150500.5.12.1 * perl-slurm-23.02.6-150500.5.12.1 * slurm-node-23.02.6-150500.5.12.1 * slurm-hdf5-23.02.6-150500.5.12.1 * slurm-pam_slurm-23.02.6-150500.5.12.1 * slurm-cray-23.02.6-150500.5.12.1 * slurm-node-debuginfo-23.02.6-150500.5.12.1 * slurm-sql-debuginfo-23.02.6-150500.5.12.1 * slurm-munge-23.02.6-150500.5.12.1 * slurm-auth-none-23.02.6-150500.5.12.1 * libnss_slurm2-debuginfo-23.02.6-150500.5.12.1 * slurm-cray-debuginfo-23.02.6-150500.5.12.1 * slurm-debugsource-23.02.6-150500.5.12.1 * slurm-plugins-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-23.02.6-150500.5.12.1 * slurm-slurmdbd-23.02.6-150500.5.12.1 * slurm-lua-debuginfo-23.02.6-150500.5.12.1 * perl-slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-lua-23.02.6-150500.5.12.1 * slurm-rest-debuginfo-23.02.6-150500.5.12.1 * libpmi0-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.6-150500.5.12.1 * slurm-hdf5-debuginfo-23.02.6-150500.5.12.1 * slurm-pam_slurm-debuginfo-23.02.6-150500.5.12.1 * openSUSE Leap 15.5 (noarch) * 
slurm-doc-23.02.6-150500.5.12.1 * slurm-webdoc-23.02.6-150500.5.12.1 * slurm-config-man-23.02.6-150500.5.12.1 * slurm-seff-23.02.6-150500.5.12.1 * slurm-openlava-23.02.6-150500.5.12.1 * slurm-config-23.02.6-150500.5.12.1 * slurm-sjstat-23.02.6-150500.5.12.1 * HPC Module 15-SP5 (aarch64 x86_64) * slurm-munge-debuginfo-23.02.6-150500.5.12.1 * libslurm39-debuginfo-23.02.6-150500.5.12.1 * slurm-torque-23.02.6-150500.5.12.1 * slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-debuginfo-23.02.6-150500.5.12.1 * slurm-slurmdbd-debuginfo-23.02.6-150500.5.12.1 * libslurm39-23.02.6-150500.5.12.1 * libnss_slurm2-23.02.6-150500.5.12.1 * slurm-torque-debuginfo-23.02.6-150500.5.12.1 * libpmi0-23.02.6-150500.5.12.1 * slurm-plugins-debuginfo-23.02.6-150500.5.12.1 * slurm-23.02.6-150500.5.12.1 * slurm-auth-none-debuginfo-23.02.6-150500.5.12.1 * slurm-devel-23.02.6-150500.5.12.1 * slurm-sql-23.02.6-150500.5.12.1 * slurm-rest-23.02.6-150500.5.12.1 * perl-slurm-23.02.6-150500.5.12.1 * slurm-node-23.02.6-150500.5.12.1 * slurm-pam_slurm-23.02.6-150500.5.12.1 * slurm-cray-23.02.6-150500.5.12.1 * slurm-node-debuginfo-23.02.6-150500.5.12.1 * slurm-sql-debuginfo-23.02.6-150500.5.12.1 * slurm-munge-23.02.6-150500.5.12.1 * slurm-auth-none-23.02.6-150500.5.12.1 * libnss_slurm2-debuginfo-23.02.6-150500.5.12.1 * slurm-cray-debuginfo-23.02.6-150500.5.12.1 * slurm-debugsource-23.02.6-150500.5.12.1 * slurm-plugins-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-23.02.6-150500.5.12.1 * slurm-slurmdbd-23.02.6-150500.5.12.1 * slurm-lua-debuginfo-23.02.6-150500.5.12.1 * perl-slurm-debuginfo-23.02.6-150500.5.12.1 * slurm-lua-23.02.6-150500.5.12.1 * slurm-rest-debuginfo-23.02.6-150500.5.12.1 * libpmi0-debuginfo-23.02.6-150500.5.12.1 * slurm-sview-23.02.6-150500.5.12.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.6-150500.5.12.1 * slurm-pam_slurm-debuginfo-23.02.6-150500.5.12.1 * HPC Module 15-SP5 (noarch) * slurm-doc-23.02.6-150500.5.12.1 * slurm-webdoc-23.02.6-150500.5.12.1 * 
slurm-config-man-23.02.6-150500.5.12.1
* slurm-config-23.02.6-150500.5.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216207
* https://bugzilla.suse.com/show_bug.cgi?id=1216869

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:33 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:33 -0000
Subject: SUSE-SU-2023:4577-1: moderate: Security update for xrdp
Message-ID: <170108823363.634.18089111693265221828@smelt2.prg2.suse.org>

# Security update for xrdp

Announcement ID: SUSE-SU-2023:4577-1
Rating: moderate
References:

* bsc#1215803

Cross-References:

* CVE-2023-42822

CVSS scores:

* CVE-2023-42822 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-42822 ( NVD ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for xrdp fixes the following issues:

* CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4577=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4577=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4577=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4577=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpainter0-0.9.13.1-150200.4.27.1 * xrdp-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-devel-0.9.13.1-150200.4.27.1 * libpainter0-debuginfo-0.9.13.1-150200.4.27.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.27.1 * xrdp-debugsource-0.9.13.1-150200.4.27.1 * xrdp-0.9.13.1-150200.4.27.1 * librfxencode0-0.9.13.1-150200.4.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42822.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1215803

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:37 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:37 -0000
Subject: SUSE-SU-2023:4576-1: important: Security update for sqlite3
Message-ID: <170108823758.634.17771447641830971117@smelt2.prg2.suse.org>

# Security update for sqlite3

Announcement ID: SUSE-SU-2023:4576-1
Rating: important
References:

* bsc#1210660

Cross-References:

* CVE-2023-2137

CVSS scores:

* CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

* CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4576=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4576=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4576=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4576=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libsqlite3-0-3.44.0-9.29.1 * libsqlite3-0-debuginfo-3.44.0-9.29.1 * sqlite3-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-devel-3.44.0-9.29.1 * sqlite3-tcl-3.44.0-9.29.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-9.29.1 * libsqlite3-0-debuginfo-32bit-3.44.0-9.29.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libsqlite3-0-3.44.0-9.29.1 * libsqlite3-0-debuginfo-3.44.0-9.29.1 * sqlite3-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-devel-3.44.0-9.29.1 * sqlite3-tcl-3.44.0-9.29.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libsqlite3-0-32bit-3.44.0-9.29.1 * libsqlite3-0-debuginfo-32bit-3.44.0-9.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libsqlite3-0-3.44.0-9.29.1 * libsqlite3-0-debuginfo-3.44.0-9.29.1 * sqlite3-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-devel-3.44.0-9.29.1 * sqlite3-tcl-3.44.0-9.29.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-9.29.1 * libsqlite3-0-debuginfo-32bit-3.44.0-9.29.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-devel-3.44.0-9.29.1 * sqlite3-debugsource-3.44.0-9.29.1 * sqlite3-debuginfo-3.44.0-9.29.1 
## References:

* https://www.suse.com/security/cve/CVE-2023-2137.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210660

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:41 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:41 -0000
Subject: SUSE-SU-2023:4575-1: important: Security update for gstreamer-plugins-bad
Message-ID: <170108824127.634.2060327853116329723@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4575-1
Rating: important
References:

* bsc#1215793
* bsc#1215796

Cross-References:

* CVE-2023-40474
* CVE-2023-40476

CVSS scores:

* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products:

* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

* CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
* CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4575=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4575=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4575=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4575=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-1.20.1-150400.3.9.1
  * typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-1.20.1-150400.3.9.1
  * libgsttranscoder-1_0-0-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-devel-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-1.20.1-150400.3.9.1
  * gstreamer-transcoder-debuginfo-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-1.20.1-150400.3.9.1
  * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-1.20.1-150400.3.9.1
  * typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1
  * libgstva-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-1.20.1-150400.3.9.1
  * gstreamer-transcoder-devel-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.9.1
  * gstreamer-transcoder-1.20.1-150400.3.9.1
  * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-1.20.1-150400.3.9.1
  * libgstva-1_0-0-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-1.20.1-150400.3.9.1
  * typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.9.1
* openSUSE Leap 15.4 (x86_64)
  * libgstvulkan-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-32bit-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-32bit-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstva-1_0-0-32bit-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.9.1
* openSUSE Leap 15.4 (noarch)
  * gstreamer-plugins-bad-lang-1.20.1-150400.3.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-64bit-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-64bit-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstva-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-64bit-1.20.1-150400.3.9.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libgstphotography-1_0-0-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstplayer-1_0-0-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1
  * libgstplay-1_0-0-1.20.1-150400.3.9.1
  * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.9.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.9.1
  * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-devel-1.20.1-150400.3.9.1
  * libgstcodecs-1_0-0-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstmpegts-1_0-0-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-1.20.1-150400.3.9.1
  * libgstadaptivedemux-1_0-0-1.20.1-150400.3.9.1
  * libgstsctp-1_0-0-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.9.1
  * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1
  * libgstva-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.9.1
  * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * libgsturidownloader-1_0-0-1.20.1-150400.3.9.1
  * libgstva-1_0-0-1.20.1-150400.3.9.1
  * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.9.1
  * libgstisoff-1_0-0-1.20.1-150400.3.9.1
  * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1
  * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.9.1
* Desktop Applications Module 15-SP4 (noarch)
  * gstreamer-plugins-bad-lang-1.20.1-150400.3.9.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.9.1
  * libgsttranscoder-1_0-0-1.20.1-150400.3.9.1
  * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://www.suse.com/security/cve/CVE-2023-40476.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
* https://bugzilla.suse.com/show_bug.cgi?id=1215796

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:46 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:46 -0000
Subject: SUSE-SU-2023:4574-1: important: Security update for gstreamer-plugins-bad
Message-ID: <170108824657.634.17053081854941177043@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4574-1
Rating: important
References:

* bsc#1215793
* bsc#1215796

Cross-References:

* CVE-2023-40474
* CVE-2023-40476

CVSS scores:

* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products:

* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

* CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
* CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4574=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4574=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4574=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-4574=1

## Package List:

* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libgstphotography-1_0-0-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-1.22.0-150500.3.9.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.9.1
  * libgsttranscoder-1_0-0-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.9.1
  * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstva-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-1.22.0-150500.3.9.1
  * libgstva-1_0-0-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-1.22.0-150500.3.9.1
  * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstVa-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-devel-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.9.1
* Desktop Applications Module 15-SP5 (noarch)
  * gstreamer-plugins-bad-lang-1.22.0-150500.3.9.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgsttranscoder-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-transcoder-devel-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.9.1
  * libgsttranscoder-1_0-0-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstva-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-1.22.0-150500.3.9.1
  * libgstphotography-1_0-0-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-1.22.0-150500.3.9.1
  * libgstva-1_0-0-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-1.22.0-150500.3.9.1
  * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * typelib-1_0-GstVa-1_0-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-1.22.0-150500.3.9.1
  * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.9.1
  * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.9.1
  * gstreamer-transcoder-debuginfo-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-1.22.0-150500.3.9.1
  * typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.9.1
  * gstreamer-transcoder-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-devel-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.9.1
* openSUSE Leap 15.5 (x86_64)
  * libgstphotography-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstva-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-32bit-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-32bit-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.9.1
* openSUSE Leap 15.5 (noarch)
  * gstreamer-plugins-bad-lang-1.22.0-150500.3.9.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstphotography-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstmpegts-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstvulkan-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcodecs-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstwayland-1_0-0-64bit-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstva-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgstcuda-1_0-0-64bit-1.22.0-150500.3.9.1
  * libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.9.1
  * libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.9.1
  * gstreamer-plugins-bad-64bit-1.22.0-150500.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://www.suse.com/security/cve/CVE-2023-40476.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
* https://bugzilla.suse.com/show_bug.cgi?id=1215796

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:50 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:50 -0000
Subject: SUSE-SU-2023:4573-1: important: Security update for openvswitch
Message-ID: <170108825077.634.1273506193465562755@smelt2.prg2.suse.org>

# Security update for openvswitch

Announcement ID: SUSE-SU-2023:4573-1
Rating: important
References:

* bsc#1216002

Cross-References:

* CVE-2023-5366

CVSS scores:

* CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issues:

* CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4573=1 openSUSE-SLE-15.4-2023-4573=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4573=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4573=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4573=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4573=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4573=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * openvswitch-vtep-2.14.2-150400.24.14.2
  * python3-ovs-2.14.2-150400.24.14.2
  * ovn-20.06.2-150400.24.14.2
  * ovn-central-debuginfo-20.06.2-150400.24.14.2
  * ovn-vtep-debuginfo-20.06.2-150400.24.14.2
  * ovn-host-20.06.2-150400.24.14.2
  * openvswitch-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-2.14.2-150400.24.14.2
  * ovn-debuginfo-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-2.14.2-150400.24.14.2
  * ovn-devel-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-debugsource-2.14.2-150400.24.14.2
  * libovn-20_06-0-20.06.2-150400.24.14.2
  * openvswitch-test-2.14.2-150400.24.14.2
  * ovn-central-20.06.2-150400.24.14.2
  * ovn-docker-20.06.2-150400.24.14.2
  * openvswitch-devel-2.14.2-150400.24.14.2
  * openvswitch-test-debuginfo-2.14.2-150400.24.14.2
  * ovn-host-debuginfo-20.06.2-150400.24.14.2
  * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2
  * ovn-vtep-20.06.2-150400.24.14.2
  * openvswitch-pki-2.14.2-150400.24.14.2
  * openvswitch-ipsec-2.14.2-150400.24.14.2
  * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2
* openSUSE Leap 15.4 (noarch)
  * openvswitch-doc-2.14.2-150400.24.14.2
  * ovn-doc-20.06.2-150400.24.14.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * openvswitch-vtep-2.14.2-150400.24.14.2
  * python3-ovs-2.14.2-150400.24.14.2
  * ovn-20.06.2-150400.24.14.2
  * ovn-central-debuginfo-20.06.2-150400.24.14.2
  * ovn-vtep-debuginfo-20.06.2-150400.24.14.2
  * ovn-host-20.06.2-150400.24.14.2
  * openvswitch-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-2.14.2-150400.24.14.2
  * ovn-debuginfo-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-2.14.2-150400.24.14.2
  * ovn-devel-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-debugsource-2.14.2-150400.24.14.2
  * libovn-20_06-0-20.06.2-150400.24.14.2
  * openvswitch-test-2.14.2-150400.24.14.2
  * ovn-central-20.06.2-150400.24.14.2
  * ovn-docker-20.06.2-150400.24.14.2
  * openvswitch-devel-2.14.2-150400.24.14.2
  * openvswitch-test-debuginfo-2.14.2-150400.24.14.2
  * ovn-host-debuginfo-20.06.2-150400.24.14.2
  * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2
  * ovn-vtep-20.06.2-150400.24.14.2
  * openvswitch-pki-2.14.2-150400.24.14.2
  * openvswitch-ipsec-2.14.2-150400.24.14.2
  * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2
* openSUSE Leap 15.5 (noarch)
  * openvswitch-doc-2.14.2-150400.24.14.2
  * ovn-doc-20.06.2-150400.24.14.2
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * openvswitch-vtep-2.14.2-150400.24.14.2
  * python3-ovs-2.14.2-150400.24.14.2
  * ovn-20.06.2-150400.24.14.2
  * ovn-central-debuginfo-20.06.2-150400.24.14.2
  * ovn-vtep-debuginfo-20.06.2-150400.24.14.2
  * ovn-host-20.06.2-150400.24.14.2
  * openvswitch-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-2.14.2-150400.24.14.2
  * ovn-debuginfo-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-2.14.2-150400.24.14.2
  * ovn-devel-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-debugsource-2.14.2-150400.24.14.2
  * libovn-20_06-0-20.06.2-150400.24.14.2
  * openvswitch-test-2.14.2-150400.24.14.2
  * ovn-central-20.06.2-150400.24.14.2
  * ovn-docker-20.06.2-150400.24.14.2
  * openvswitch-devel-2.14.2-150400.24.14.2
  * openvswitch-test-debuginfo-2.14.2-150400.24.14.2
  * ovn-host-debuginfo-20.06.2-150400.24.14.2
  * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2
  * ovn-vtep-20.06.2-150400.24.14.2
  * openvswitch-pki-2.14.2-150400.24.14.2
  * openvswitch-ipsec-2.14.2-150400.24.14.2
  * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openvswitch-debugsource-2.14.2-150400.24.14.2
  * python3-ovs-2.14.2-150400.24.14.2
  * openvswitch-debuginfo-2.14.2-150400.24.14.2
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * openvswitch-debugsource-2.14.2-150400.24.14.2
  * python3-ovs-2.14.2-150400.24.14.2
  * openvswitch-debuginfo-2.14.2-150400.24.14.2
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openvswitch-vtep-2.14.2-150400.24.14.2
  * python3-ovs-2.14.2-150400.24.14.2
  * ovn-20.06.2-150400.24.14.2
  * ovn-central-debuginfo-20.06.2-150400.24.14.2
  * ovn-vtep-debuginfo-20.06.2-150400.24.14.2
  * ovn-host-20.06.2-150400.24.14.2
  * openvswitch-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-2.14.2-150400.24.14.2
  * ovn-debuginfo-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-2.14.2-150400.24.14.2
  * ovn-devel-20.06.2-150400.24.14.2
  * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.14.2
  * openvswitch-debugsource-2.14.2-150400.24.14.2
  * libovn-20_06-0-20.06.2-150400.24.14.2
  * openvswitch-test-2.14.2-150400.24.14.2
  * ovn-central-20.06.2-150400.24.14.2
  * ovn-docker-20.06.2-150400.24.14.2
  * openvswitch-devel-2.14.2-150400.24.14.2
  * openvswitch-test-debuginfo-2.14.2-150400.24.14.2
  * ovn-host-debuginfo-20.06.2-150400.24.14.2
  * openvswitch-vtep-debuginfo-2.14.2-150400.24.14.2
  * ovn-vtep-20.06.2-150400.24.14.2
  * openvswitch-pki-2.14.2-150400.24.14.2
  * openvswitch-ipsec-2.14.2-150400.24.14.2
  * libovn-20_06-0-debuginfo-20.06.2-150400.24.14.2

## References:

* https://www.suse.com/security/cve/CVE-2023-5366.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216002

From sle-security-updates at lists.suse.com Mon Nov 27 12:30:55 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Nov 2023 12:30:55 -0000
Subject: SUSE-SU-2023:4572-1: important: Security update for java-1_8_0-ibm
Message-ID: <170108825572.634.17395242531764107082@smelt2.prg2.suse.org>

# Security update for java-1_8_0-ibm

Announcement ID: SUSE-SU-2023:4572-1
Rating: important
References:

* bsc#1204264
* bsc#1216339
* bsc#1216374
* bsc#1216379
* bsc#1216640
* bsc#1217214

Cross-References:

* CVE-2023-22025
* CVE-2023-22067
* CVE-2023-22081
* CVE-2023-5676

CVSS scores:

* CVE-2023-22025 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22025 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP4
* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves four vulnerabilities and has two security fixes can now be installed.

## Description:

This update for java-1_8_0-ibm fixes the following issues:

* Update to Java 8.0 Service Refresh 8 Fix Pack 15:
  * Oracle October 17 2023 CPU [bsc#1216640]

Security fixes:

* CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374)
* CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379)
* CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339)
* CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214)

Bug fixes:

* IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4572=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4572=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4572=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4572=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4572=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4572=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4572=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4572=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4572=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4572=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-demo-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-src-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.15-150000.3.83.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-demo-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-src-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * Legacy Module 15-SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * 
java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * 
java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.15-150000.3.83.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.15-150000.3.83.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.15-150000.3.83.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22025.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://www.suse.com/security/cve/CVE-2023-5676.html * https://bugzilla.suse.com/show_bug.cgi?id=1204264 * https://bugzilla.suse.com/show_bug.cgi?id=1216339 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 * https://bugzilla.suse.com/show_bug.cgi?id=1216640 * 
https://bugzilla.suse.com/show_bug.cgi?id=1217214 From sle-security-updates at lists.suse.com Mon Nov 27 12:30:59 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 12:30:59 -0000 Subject: SUSE-SU-2023:4571-1: important: Security update for openvswitch Message-ID: <170108825993.634.4817702703819929167@smelt2.prg2.suse.org> # Security update for openvswitch Announcement ID: SUSE-SU-2023:4571-1 Rating: important References: * bsc#1216002 Cross-References: * CVE-2023-5366 CVSS scores: * CVE-2023-5366 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-5366 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4571=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4571=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4571=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4571=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openvswitch-ipsec-2.13.2-150200.9.25.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * openvswitch-debuginfo-2.13.2-150200.9.25.1 * ovn-central-20.03.1-150200.9.25.1 * openvswitch-debugsource-2.13.2-150200.9.25.1 * ovn-vtep-20.03.1-150200.9.25.1 * openvswitch-test-2.13.2-150200.9.25.1 * ovn-host-20.03.1-150200.9.25.1 * ovn-devel-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * ovn-20.03.1-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * ovn-docker-20.03.1-150200.9.25.1 * openvswitch-2.13.2-150200.9.25.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.25.1 * openvswitch-vtep-2.13.2-150200.9.25.1 * python3-ovs-2.13.2-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * openvswitch-test-debuginfo-2.13.2-150200.9.25.1 * openvswitch-devel-2.13.2-150200.9.25.1 * openvswitch-pki-2.13.2-150200.9.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openvswitch-ipsec-2.13.2-150200.9.25.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * openvswitch-debuginfo-2.13.2-150200.9.25.1 * ovn-central-20.03.1-150200.9.25.1 * openvswitch-debugsource-2.13.2-150200.9.25.1 * ovn-vtep-20.03.1-150200.9.25.1 * openvswitch-test-2.13.2-150200.9.25.1 * ovn-host-20.03.1-150200.9.25.1 * ovn-devel-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * ovn-20.03.1-150200.9.25.1 * 
libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * ovn-docker-20.03.1-150200.9.25.1 * openvswitch-2.13.2-150200.9.25.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.25.1 * openvswitch-vtep-2.13.2-150200.9.25.1 * python3-ovs-2.13.2-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * openvswitch-test-debuginfo-2.13.2-150200.9.25.1 * openvswitch-devel-2.13.2-150200.9.25.1 * openvswitch-pki-2.13.2-150200.9.25.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openvswitch-ipsec-2.13.2-150200.9.25.1 * libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.25.1 * openvswitch-debuginfo-2.13.2-150200.9.25.1 * ovn-central-20.03.1-150200.9.25.1 * openvswitch-debugsource-2.13.2-150200.9.25.1 * ovn-vtep-20.03.1-150200.9.25.1 * openvswitch-test-2.13.2-150200.9.25.1 * ovn-host-20.03.1-150200.9.25.1 * ovn-devel-20.03.1-150200.9.25.1 * libopenvswitch-2_13-0-2.13.2-150200.9.25.1 * ovn-20.03.1-150200.9.25.1 * libovn-20_03-0-debuginfo-20.03.1-150200.9.25.1 * ovn-docker-20.03.1-150200.9.25.1 * openvswitch-2.13.2-150200.9.25.1 * openvswitch-vtep-debuginfo-2.13.2-150200.9.25.1 * openvswitch-vtep-2.13.2-150200.9.25.1 * python3-ovs-2.13.2-150200.9.25.1 * libovn-20_03-0-20.03.1-150200.9.25.1 * openvswitch-test-debuginfo-2.13.2-150200.9.25.1 * openvswitch-devel-2.13.2-150200.9.25.1 * openvswitch-pki-2.13.2-150200.9.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5366.html * https://bugzilla.suse.com/show_bug.cgi?id=1216002 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Mon Nov 27 16:30:03 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:03 -0000 Subject: SUSE-SU-2023:4591-1: important: Security update for squashfs Message-ID: <170110260366.2808.5975613855757736547@smelt2.prg2.suse.org> # Security update for squashfs Announcement ID: SUSE-SU-2023:4591-1 Rating: important References: * bsc#1189936 * bsc#1190531 * bsc#935380 Cross-References: * CVE-2015-4645 * CVE-2015-4646 * CVE-2021-40153 * CVE-2021-41072 CVSS scores: * CVE-2015-4645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-40153 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-40153 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2021-41072 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-41072 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for 
Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) * CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the "fragment table" fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. 
* New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * "Non-anchored" excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows "." to be used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for "corrupted" filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new "experts" category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use "max open file limit" when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. 
Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports "Actions". * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file "R" definition which allows a Regular file to be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports "exclude" files. * Max depth traversal option added. * Unsquashfs can now output a "Pseudo file" representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs "-stat" output. * Unsquashfs "write outside directory" exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4591=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4591=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4591=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4591=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4591=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4591=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4591=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4591=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4591=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4591=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4591=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4591=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4591=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4591=1 * 
openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4591=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4591=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4591=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise High 
Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * 
squashfs-4.6.1-150300.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4645.html * https://www.suse.com/security/cve/CVE-2015-4646.html * https://www.suse.com/security/cve/CVE-2021-40153.html * https://www.suse.com/security/cve/CVE-2021-41072.html * https://bugzilla.suse.com/show_bug.cgi?id=1189936 * https://bugzilla.suse.com/show_bug.cgi?id=1190531 * https://bugzilla.suse.com/show_bug.cgi?id=935380 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Mon Nov 27 16:30:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4589-1: important: Security update for squid Message-ID: <170110260860.2808.10406548433494235347@smelt2.prg2.suse.org> # Security update for squid Announcement ID: SUSE-SU-2023:4589-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 
LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4589=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4589=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4589=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4589=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4589=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4589=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4589=1 * SUSE 
Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4589=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP3 (ppc64le x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 * SUSE CaaS Platform 4.0 (x86_64) * squid-debugsource-4.17-150000.5.41.1 * squid-4.17-150000.5.41.1 * squid-debuginfo-4.17-150000.5.41.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274
From sle-security-updates at lists.suse.com Mon Nov 27 16:30:10 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4588-1: important: Security update for MozillaThunderbird Message-ID: <170110261092.2808.6632042655580826653@smelt2.prg2.suse.org> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:4588-1 Rating: important References: * bsc#1217230 Cross-References: * CVE-2023-6204 * CVE-2023-6205 * CVE-2023-6206 * CVE-2023-6207 * CVE-2023-6208 * CVE-2023-6209 * CVE-2023-6212 CVSS scores: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation
Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: * Mozilla Thunderbird 115.5.0 MFSA 2023-52 (bsc#1217230) * CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205: Use-after-free in MessagePort::Entangled * CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212: Memory safety bugs ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4588=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4588=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4588=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4588=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4588=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4588=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE 
Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-debuginfo-115.5.0-150200.8.139.1 * MozillaThunderbird-debugsource-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-common-115.5.0-150200.8.139.1 * MozillaThunderbird-115.5.0-150200.8.139.1 * MozillaThunderbird-translations-other-115.5.0-150200.8.139.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6204.html * https://www.suse.com/security/cve/CVE-2023-6205.html * https://www.suse.com/security/cve/CVE-2023-6206.html * https://www.suse.com/security/cve/CVE-2023-6207.html * https://www.suse.com/security/cve/CVE-2023-6208.html * https://www.suse.com/security/cve/CVE-2023-6209.html * https://www.suse.com/security/cve/CVE-2023-6212.html * https://bugzilla.suse.com/show_bug.cgi?id=1217230
From sle-security-updates at lists.suse.com Mon Nov 27 16:30:15 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:15 -0000 Subject: SUSE-SU-2023:4587-1: important: Security update for vim Message-ID: <170110261500.2808.3755705399754560240@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:4587-1 Rating: important References: * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High
Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4587=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4587=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4587=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4587=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4587=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4587=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4587=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4587=1 * SUSE Linux Enterprise 
Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4587=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4587=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4587=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4587=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * openSUSE Leap 15.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux 
Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * Basesystem Module 15-SP4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * 
gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP2 
LTSS 15-SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * 
vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE CaaS Platform 4.0 (x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696
From sle-security-updates at lists.suse.com Mon Nov 27 16:30:18 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Nov 2023 16:30:18 -0000 Subject: SUSE-SU-2023:4586-1: important: Security update for xerces-c Message-ID: <170110261865.2808.16119577565904624255@smelt2.prg2.suse.org> # Security update for xerces-c Announcement ID: SUSE-SU-2023:4586-1 Rating: important References: * bsc#1216156 Cross-References: * CVE-2023-37536 CVSS scores: * CVE-2023-37536 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H * CVE-2023-37536 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to out-of-bounds memory accesses (bsc#1216156).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4586=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4586=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4586=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4586=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4586=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4586=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4586=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4586=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4586=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4586=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * xerces-c-doc-3.2.3-150300.3.3.2 * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * openSUSE Leap 15.3 (x86_64) * libxerces-c-3_2-32bit-3.2.3-150300.3.3.2 * libxerces-c-3_2-32bit-debuginfo-3.2.3-150300.3.3.2 * openSUSE Leap 15.3 (aarch64_ilp32) * libxerces-c-3_2-64bit-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-64bit-3.2.3-150300.3.3.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xerces-c-doc-3.2.3-150300.3.3.2 * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * 
libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * openSUSE Leap 15.4 (x86_64) * libxerces-c-3_2-32bit-3.2.3-150300.3.3.2 * libxerces-c-3_2-32bit-debuginfo-3.2.3-150300.3.3.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xerces-c-doc-3.2.3-150300.3.3.2 * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * openSUSE Leap 15.5 (x86_64) * libxerces-c-3_2-32bit-3.2.3-150300.3.3.2 * libxerces-c-3_2-32bit-debuginfo-3.2.3-150300.3.3.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * 
libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxerces-c-devel-3.2.3-150300.3.3.2 * xerces-c-debugsource-3.2.3-150300.3.3.2 * xerces-c-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-debuginfo-3.2.3-150300.3.3.2 * libxerces-c-3_2-3.2.3-150300.3.3.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37536.html * https://bugzilla.suse.com/show_bug.cgi?id=1216156
From sle-security-updates at lists.suse.com Tue Nov 28 08:03:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:03:47 +0100 (CET) Subject: SUSE-CU-2023:3902-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231128080347.8D894FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3902-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.262 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.262 Severity : important Type : security References : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) The following package changes have been done: - vim-data-common-9.0.2103-150000.5.57.1 updated - vim-9.0.2103-150000.5.57.1 updated From sle-security-updates at lists.suse.com Tue Nov 28 08:04:56 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Nov 2023 09:04:56 +0100 (CET) Subject: SUSE-CU-2023:3904-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231128080456.D1234F3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3904-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.160 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.160 Severity : important Type : security References : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released:    Mon Nov 27 14:25:52 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535

This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

The following package changes have been done:

- vim-data-common-9.0.2103-150000.5.57.1 updated
- vim-9.0.2103-150000.5.57.1 updated

From sle-security-updates at lists.suse.com Tue Nov 28 08:08:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 09:08:16 +0100 (CET)
Subject: SUSE-CU-2023:3911-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20231128080816.02135F3CA@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3911-1
Container Tags        : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.499 , suse/sle-micro/5.1/toolbox:latest
Container Release     : 2.2.499
Severity              : important
Type                  : security
References            : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released:    Mon Nov 27 14:25:52 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535

This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

The following package changes have been done:

- vim-data-common-9.0.2103-150000.5.57.1 updated
- vim-9.0.2103-150000.5.57.1 updated

From sle-security-updates at lists.suse.com Tue Nov 28 08:09:56 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 09:09:56 +0100 (CET)
Subject: SUSE-CU-2023:3913-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20231128080956.45037FD1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3913-1
Container Tags        : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.321 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 6.2.321
Severity              : important
Type                  : security
References            : 1215940 1216001 1216167 1216696 CVE-2023-46246 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released:    Mon Nov 27 14:25:52 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535

This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

The following package changes have been done:

- vim-data-common-9.0.2103-150000.5.57.1 updated
- vim-9.0.2103-150000.5.57.1 updated

From sle-security-updates at lists.suse.com Tue Nov 28 12:30:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 12:30:06 -0000
Subject: SUSE-SU-2023:4597-1: important: Security update for gstreamer-plugins-bad
Message-ID: <170117460624.6678.16318510844438453314@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4597-1
Rating: important
References:

  * bsc#1215793
  * bsc#1215796

Cross-References:

  * CVE-2023-40474
  * CVE-2023-40476

CVSS scores:

  * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.
## Description:

This update for gstreamer-plugins-bad fixes the following issues:

  * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
  * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4597=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4597=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4597=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4597=1

## Package List:

  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libgstinsertbin-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-devel-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-1.8.3-18.9.3
    * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstinsertbin-1_0-0-1.8.3-18.9.3
    * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libgstbadbase-1_0-0-1.8.3-18.9.3
    * libgstbadbase-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadaudio-1_0-0-1.8.3-18.9.3
    * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3
    * libgstmpegts-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstgl-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-1.8.3-18.9.3
    * libgstbasecamerabinsrc-1_0-0-1.8.3-18.9.3
    * libgstmpegts-1_0-0-1.8.3-18.9.3
    * libgstadaptivedemux-1_0-0-1.8.3-18.9.3
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstcodecparsers-1_0-0-1.8.3-18.9.3
    * libgstgl-1_0-0-1.8.3-18.9.3
    * libgstphotography-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3
    * libgstbadvideo-1_0-0-1.8.3-18.9.3
    * gstreamer-plugins-bad-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstphotography-1_0-0-1.8.3-18.9.3
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * gstreamer-plugins-bad-lang-1.8.3-18.9.3
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libgstbadbase-1_0-0-1.8.3-18.9.3
    * libgstbadbase-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadaudio-1_0-0-1.8.3-18.9.3
    * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3
    * libgstmpegts-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstgl-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-1.8.3-18.9.3
    * libgstbasecamerabinsrc-1_0-0-1.8.3-18.9.3
    * libgstmpegts-1_0-0-1.8.3-18.9.3
    * libgstadaptivedemux-1_0-0-1.8.3-18.9.3
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstcodecparsers-1_0-0-1.8.3-18.9.3
    * libgstgl-1_0-0-1.8.3-18.9.3
    * libgstphotography-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3
    * libgstbadvideo-1_0-0-1.8.3-18.9.3
    * gstreamer-plugins-bad-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstphotography-1_0-0-1.8.3-18.9.3
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * gstreamer-plugins-bad-lang-1.8.3-18.9.3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libgstbadbase-1_0-0-1.8.3-18.9.3
    * libgstbadbase-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadaudio-1_0-0-1.8.3-18.9.3
    * libgstcodecparsers-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstadaptivedemux-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-debuginfo-1.8.3-18.9.3
    * libgstmpegts-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadvideo-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstgl-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstbadaudio-1_0-0-debuginfo-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-1.8.3-18.9.3
    * libgstbasecamerabinsrc-1_0-0-1.8.3-18.9.3
    * libgstmpegts-1_0-0-1.8.3-18.9.3
    * libgstadaptivedemux-1_0-0-1.8.3-18.9.3
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstcodecparsers-1_0-0-1.8.3-18.9.3
    * libgstgl-1_0-0-1.8.3-18.9.3
    * libgstphotography-1_0-0-debuginfo-1.8.3-18.9.3
    * gstreamer-plugins-bad-debugsource-1.8.3-18.9.3
    * libgstbadvideo-1_0-0-1.8.3-18.9.3
    * gstreamer-plugins-bad-1.8.3-18.9.3
    * libgsturidownloader-1_0-0-debuginfo-1.8.3-18.9.3
    * libgstphotography-1_0-0-1.8.3-18.9.3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * gstreamer-plugins-bad-lang-1.8.3-18.9.3

## References:

  * https://www.suse.com/security/cve/CVE-2023-40474.html
  * https://www.suse.com/security/cve/CVE-2023-40476.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215793
  * https://bugzilla.suse.com/show_bug.cgi?id=1215796
From sle-security-updates at lists.suse.com Tue Nov 28 12:30:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 12:30:14 -0000
Subject: SUSE-SU-2023:4596-1: important: Security update for gstreamer-plugins-bad
Message-ID: <170117461411.6678.9782708904165411983@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4596-1
Rating: important
References:

  * bsc#1215793
  * bsc#1215796

Cross-References:

  * CVE-2023-40474
  * CVE-2023-40476

CVSS scores:

  * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products:

  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

  * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
  * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4596=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4596=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4596=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
    inform you if it detects new updates and let you then trigger updating of
    the complete cluster in a controlled way.

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1
    * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1
    * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1
    * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1
    * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1
    * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1
    * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * libgstbadaudio-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * typelib-1_0-GstInsertBin-1_0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstBadAllocators-1_0-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debuginfo-1.12.5-150000.3.15.1
    * libgstbadaudio-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstMpegts-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstwayland-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-1.12.5-150000.3.15.1
    * libgstcodecparsers-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-debugsource-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-devel-1.12.5-150000.3.15.1
    * typelib-1_0-GstPlayer-1_0-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbadbase-1_0-0-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstgl-1_0-0-1.12.5-150000.3.15.1
    * typelib-1_0-GstGL-1_0-1.12.5-150000.3.15.1
    * libgstinsertbin-1_0-0-1.12.5-150000.3.15.1
    * libgstbadallocators-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-1.12.5-150000.3.15.1
    * libgstmpegts-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * gstreamer-plugins-bad-1.12.5-150000.3.15.1
    * libgstplayer-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-1.12.5-150000.3.15.1
    * libgstbadvideo-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgsturidownloader-1_0-0-debuginfo-1.12.5-150000.3.15.1
    * libgstphotography-1_0-0-1.12.5-150000.3.15.1
    * libgstbasecamerabinsrc-1_0-0-1.12.5-150000.3.15.1
    * libgstadaptivedemux-1_0-0-debuginfo-1.12.5-150000.3.15.1
  * SUSE CaaS Platform 4.0 (noarch)
    * gstreamer-plugins-bad-lang-1.12.5-150000.3.15.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-40474.html
  * https://www.suse.com/security/cve/CVE-2023-40476.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215793
  * https://bugzilla.suse.com/show_bug.cgi?id=1215796
From sle-security-updates at lists.suse.com Tue Nov 28 12:30:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 12:30:16 -0000
Subject: SUSE-SU-2023:4595-1: important: Security update for gstreamer-plugins-bad
Message-ID: <170117461647.6678.911782064245803821@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4595-1
Rating: important
References:

  * bsc#1215793
  * bsc#1215796

Cross-References:

  * CVE-2023-40474
  * CVE-2023-40476

CVSS scores:

  * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

  * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
  * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4595=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4595=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4595=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.13.2
    * libgstwebrtc-1_0-0-1.16.3-150200.4.13.2
    * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.13.2
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-devel-1.16.3-150200.4.13.2
    * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.13.2
    * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstphotography-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-1.16.3-150200.4.13.2
    * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstcodecparsers-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.13.2
    * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstmpegts-1_0-0-1.16.3-150200.4.13.2
    * libgsturidownloader-1_0-0-1.16.3-150200.4.13.2
    * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.13.2
    * libgstinsertbin-1_0-0-1.16.3-150200.4.13.2
    * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstbadaudio-1_0-0-1.16.3-150200.4.13.2
    * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.13.2
    * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstplayer-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.13.2
    * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstsctp-1_0-0-1.16.3-150200.4.13.2
    * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstisoff-1_0-0-1.16.3-150200.4.13.2
    * libgstwayland-1_0-0-1.16.3-150200.4.13.2
    * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstadaptivedemux-1_0-0-1.16.3-150200.4.13.2
    * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.13.2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * gstreamer-plugins-bad-lang-1.16.3-150200.4.13.2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.13.2
    * libgstwebrtc-1_0-0-1.16.3-150200.4.13.2
    * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.13.2
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-devel-1.16.3-150200.4.13.2
    * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.13.2
    * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstphotography-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-1.16.3-150200.4.13.2
    * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstcodecparsers-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.13.2
    * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstmpegts-1_0-0-1.16.3-150200.4.13.2
    * libgsturidownloader-1_0-0-1.16.3-150200.4.13.2
    * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.13.2
    * libgstinsertbin-1_0-0-1.16.3-150200.4.13.2
    * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstbadaudio-1_0-0-1.16.3-150200.4.13.2
    * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.13.2
    * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstplayer-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.13.2
    * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstsctp-1_0-0-1.16.3-150200.4.13.2
    * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstisoff-1_0-0-1.16.3-150200.4.13.2
    * libgstwayland-1_0-0-1.16.3-150200.4.13.2
    * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstadaptivedemux-1_0-0-1.16.3-150200.4.13.2
    * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.13.2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * gstreamer-plugins-bad-lang-1.16.3-150200.4.13.2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.13.2
    * libgstwebrtc-1_0-0-1.16.3-150200.4.13.2
    * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.13.2
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-devel-1.16.3-150200.4.13.2
    * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.13.2
    * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstphotography-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-1.16.3-150200.4.13.2
    * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstcodecparsers-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.13.2
    * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstmpegts-1_0-0-1.16.3-150200.4.13.2
    * libgsturidownloader-1_0-0-1.16.3-150200.4.13.2
    * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.13.2
    * libgstinsertbin-1_0-0-1.16.3-150200.4.13.2
    * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstbadaudio-1_0-0-1.16.3-150200.4.13.2
    * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.13.2
    * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstplayer-1_0-0-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.13.2
    * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.13.2
    * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstsctp-1_0-0-1.16.3-150200.4.13.2
    * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstisoff-1_0-0-1.16.3-150200.4.13.2
    * libgstwayland-1_0-0-1.16.3-150200.4.13.2
    * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.13.2
    * libgstadaptivedemux-1_0-0-1.16.3-150200.4.13.2
    * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.13.2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * gstreamer-plugins-bad-lang-1.16.3-150200.4.13.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-40474.html
  * https://www.suse.com/security/cve/CVE-2023-40476.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215793
  * https://bugzilla.suse.com/show_bug.cgi?id=1215796

From sle-security-updates at lists.suse.com Tue Nov 28 12:30:26 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 12:30:26 -0000
Subject: SUSE-SU-2023:4594-1: important: Security update for gstreamer-plugins-bad
Message-ID: <170117462607.6678.5482629698455617590@smelt2.prg2.suse.org>

# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2023:4594-1
Rating: important
References:

  * bsc#1215793
  * bsc#1215796

Cross-References:

  * CVE-2023-40474
  * CVE-2023-40476

CVSS scores:

  * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-40476 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products:

  * openSUSE Leap 15.3
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that
solves two vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issues:

  * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
  * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2023-4594=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4594=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4594=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4594=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4594=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-4594=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2
    * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2
    * libgstphotography-1_0-0-1.16.3-150300.9.12.2
    * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2
    * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2
    * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-1.16.3-150300.9.12.2
    * libgstwayland-1_0-0-1.16.3-150300.9.12.2
    * libgstplayer-1_0-0-1.16.3-150300.9.12.2
    * libgstisoff-1_0-0-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-doc-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2
    * libgstsctp-1_0-0-1.16.3-150300.9.12.2
    * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2
    * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2
    * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2
    * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2
    * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2
    * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstmpegts-1_0-0-1.16.3-150300.9.12.2
    * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2
    * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2
    * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2
    * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2
  * openSUSE Leap 15.3 (x86_64)
    * libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstmpegts-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstplayer-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstwayland-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstisoff-1_0-0-32bit-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-32bit-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.12.2
    * libgstphotography-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstsctp-1_0-0-32bit-1.16.3-150300.9.12.2
    * libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
    * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.12.2
  * openSUSE Leap 15.3 (noarch)
    * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2
  * openSUSE Leap 15.3 (aarch64_ilp32)
    * libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.12.2
    * libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.12.2
    * libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2
    * libgstmpegts-1_0-0-64bit-1.16.3-150300.9.12.2
    * libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2
    * libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.12.2
    * libgstwayland-1_0-0-64bit-1.16.3-150300.9.12.2
    * libgstsctp-1_0-0-64bit-1.16.3-150300.9.12.2
    * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.12.2
    * libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.12.2
    * libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2
    * libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.12.2
    * gstreamer-plugins-bad-64bit-1.16.3-150300.9.12.2
    *
libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-64bit-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * 
libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * 
libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * 
libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * 
libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.12.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.12.2 * libgstphotography-1_0-0-1.16.3-150300.9.12.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.12.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.12.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-1.16.3-150300.9.12.2 * libgstplayer-1_0-0-1.16.3-150300.9.12.2 * libgstisoff-1_0-0-1.16.3-150300.9.12.2 * libgstsctp-1_0-0-1.16.3-150300.9.12.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.12.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.12.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.12.2 * 
libgstcodecparsers-1_0-0-1.16.3-150300.9.12.2
  * libgstwebrtc-1_0-0-1.16.3-150300.9.12.2
  * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.12.2
  * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.12.2
  * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.12.2
  * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * libgstmpegts-1_0-0-1.16.3-150300.9.12.2
  * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * libgsturidownloader-1_0-0-1.16.3-150300.9.12.2
  * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.12.2
  * libgstadaptivedemux-1_0-0-1.16.3-150300.9.12.2
  * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.12.2
  * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.12.2
* SUSE Enterprise Storage 7.1 (noarch)
  * gstreamer-plugins-bad-lang-1.16.3-150300.9.12.2

## References:

* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://www.suse.com/security/cve/CVE-2023-40476.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
* https://bugzilla.suse.com/show_bug.cgi?id=1215796

From sle-security-updates at lists.suse.com Tue Nov 28 12:30:29 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 12:30:29 -0000
Subject: SUSE-SU-2023:4593-1: important: Security update for compat-openssl098
Message-ID: <170117462906.6678.3143896910646349694@smelt2.prg2.suse.org>

# Security update for compat-openssl098

Announcement ID: SUSE-SU-2023:4593-1
Rating: important
References:
  * bsc#1216922
Cross-References:
  * CVE-2023-5678
CVSS scores:
  * CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
  * Legacy Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for compat-openssl098 fixes the following issues:

* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Legacy Module 12
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-4593=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-4593=1

## Package List:

* Legacy Module 12 (s390x x86_64)
  * libopenssl0_9_8-0.9.8j-106.61.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.61.1
  * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.61.1
  * libopenssl0_9_8-32bit-0.9.8j-106.61.1
  * compat-openssl098-debugsource-0.9.8j-106.61.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libopenssl0_9_8-debuginfo-0.9.8j-106.61.1
  * libopenssl0_9_8-0.9.8j-106.61.1
  * compat-openssl098-debugsource-0.9.8j-106.61.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216922

From sle-security-updates at lists.suse.com Tue Nov 28 13:35:38 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Nov 2023 14:35:38 +0100 (CET)
Subject: SUSE-IU-2023:843-1: Security update of sles-15-sp4-chost-byos-v20231127-arm64
Message-ID: <20231128133538.3E75AFBA9@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20231127-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:843-1
Image Tags : sles-15-sp4-chost-byos-v20231127-arm64:20231127
Image Release :
Severity : important
Type : security
References : 1027519 1041742 1111622 1170175 1176785 1184753 1196647 1199282 1203760 1206480 1206667 1206684 1208788 1209998 1210286 1210557 1210778 1211307 1211427 1212101 1212422 1212423 1212649 1213705 1213772 1213915 1214052 1214460 1214842 1215095 1215104 1215145 1215265 1215427 1215474 1215518 1215746 1215747 1215748 1215940 1215947 1215955 1215956 1215957 1215979 1215986 1216001 1216010 1216062 1216075 1216091 1216129 1216167 1216253 1216345
1216377 1216419 1216510 1216511 1216512 1216541 1216621 1216654 1216664 1216696 1216807 1216922 CVE-2022-40897 CVE-2023-20588 CVE-2023-2163 CVE-2023-31085 CVE-2023-34322 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3777 CVE-2023-38470 CVE-2023-38473 CVE-2023-39189 CVE-2023-39193 CVE-2023-4039 CVE-2023-45322 CVE-2023-45803 CVE-2023-46246 CVE-2023-46835 CVE-2023-46836 CVE-2023-5178 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 CVE-2023-5678
-----------------------------------------------------------------

The container sles-15-sp4-chost-byos-v20231127-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released: Mon Oct 30 16:51:57 2023
Summary: Recommended update for pciutils
Type: recommended
Severity: important
References: 1215265

This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4378-1
Released: Mon Nov 6 14:54:59 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1208788,1210778,1211307,1212423,1212649,1213705,1213772,1214842,1215095,1215104,1215518,1215955,1215956,1215957,1215986,1216062,1216345,1216510,1216511,1216512,1216621,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39193,CVE-2023-5178

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter nf_tables component that could be exploited to achieve local privilege escalation. (bsc#1215095)

The following non-security bugs were fixed:

- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4453-1
Released: Wed Nov 15 14:24:58 2023
Summary: Recommended update for libjansson
Type: recommended
Severity: moderate
References: 1216541

This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.
  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4460-1
Released: Thu Nov 16 15:00:20 2023
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1210286

This update for rsyslog fixes the following issue:

- fix rsyslog crash in imrelp (bsc#1210286)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4467-1
Released: Thu Nov 16 17:57:51 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1216377,CVE-2023-45803

This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4476-1
Released: Fri Nov 17 08:05:43 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1215145,1215474,1215746,1215747,1215748,1216654,1216807,CVE-2023-20588,CVE-2023-34322,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328,CVE-2023-46835,CVE-2023-46836

This update for xen fixes the following issues:

- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4477-1
Released: Fri Nov 17 10:21:21 2023
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1216010,1216075,1216253

This update for grub2 fixes the following issues:

- Fix failure to identify recent ext4 filesystem (bsc#1216010)
- Fix reading files from btrfs with 'implicit' holes
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
- Fix detection of encrypted disk's uuid in powerpc (bsc#1216075)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4503-1
Released: Tue Nov 21 13:25:12 2023
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473

This update for avahi fixes the following issues:

- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released: Tue Nov 21 17:30:27 2023
Summary: Security update for python3-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released: Thu Nov 23 08:13:57 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4583-1
Released: Mon Nov 27 10:16:11 2023
Summary: Feature update for python-psutil
Type: feature
Severity: moderate
References: 1111622,1170175,1176785,1184753,1199282

This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS
- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released: Mon Nov 27 14:25:52 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535

This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- grub2-i386-pc-2.06-150400.11.41.1 updated
- grub2-x86_64-efi-2.06-150400.11.41.1 updated
- grub2-2.06-150400.11.41.1 updated
- kernel-default-5.14.21-150400.24.97.1 updated
- libavahi-client3-0.8-150400.7.10.1 updated
- libavahi-common3-0.8-150400.7.10.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libjansson4-2.14-150000.3.5.1 updated
- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libxml2-2-2.9.14-150400.5.25.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated
- pciutils-3.5.6-150300.13.6.1 updated
- python-instance-billing-flavor-check-0.0.4-150400.1.1 updated
- python3-requests-2.25.1-150300.3.6.1 updated
- python3-setuptools-44.1.1-150400.9.6.1 updated
- python3-urllib3-1.25.10-150300.4.9.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.21.1 updated
- rsyslog-8.2306.0-150400.5.21.1 updated
- vim-data-common-9.0.2103-150000.5.57.1 updated
- vim-9.0.2103-150000.5.57.1 updated
- xen-libs-4.16.5_08-150400.4.40.1 updated
- zypper-1.14.66-150400.3.35.1 updated

From sle-security-updates at lists.suse.com Wed Nov 29 08:01:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 09:01:07 +0100 (CET)
Subject: SUSE-IU-2023:846-1: Security update of suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2
Message-ID: <20231129080107.8AE36F3CA@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:846-1
Image Tags : suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2:20231127
Image Release :
Severity : important
Type : security
References : 1027519 1041742 1111622 1170175 1176785 1184753 1196647 1199282 1203760 1206480 1206667 1206684 1208788 1209998 1210286 1210557 1210778 1211307 1211427 1212101 1212422 1212423 1212649 1213705 1213772 1213915 1214052 1214460 1214842 1215095 1215104 1215145 1215265 1215427 1215474 1215518 1215746 1215747 1215748 1215940 1215947 1215955 1215956 1215957 1215979 1215986 1216001 1216010 1216062 1216075 1216091 1216129 1216167 1216253 1216345 1216377 1216419 1216510 1216511 1216512 1216541 1216621 1216654 1216664 1216696 1216807 1216922 CVE-2022-40897 CVE-2023-20588 CVE-2023-2163 CVE-2023-31085 CVE-2023-34322 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3777 CVE-2023-38470 CVE-2023-38473 CVE-2023-39189 CVE-2023-39193 CVE-2023-4039 CVE-2023-45322 CVE-2023-45803 CVE-2023-46246 CVE-2023-46835 CVE-2023-46836 CVE-2023-5178 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 CVE-2023-5678
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20231127-x86_64-gen2 was
updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released: Mon Oct 30 16:51:57 2023
Summary: Recommended update for pciutils
Type: recommended
Severity: important
References: 1215265

This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This update for libtirpc to 1.3.4 fixes the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4378-1
Released: Mon Nov 6 14:54:59 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1208788,1210778,1211307,1212423,1212649,1213705,1213772,1214842,1215095,1215104,1215518,1215955,1215956,1215957,1215986,1216062,1216345,1216510,1216511,1216512,1216621,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39193,CVE-2023-5178

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-5178: Fixed a UAF in queue initialization setup.
  (bsc#1215768)
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter: nf_tables component that can be exploited to achieve local privilege escalation. (bsc#1215095)

The following non-security bugs were fixed:

- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4453-1
Released: Wed Nov 15 14:24:58 2023
Summary: Recommended update for libjansson
Type: recommended
Severity: moderate
References: 1216541

This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4460-1
Released: Thu Nov 16 15:00:20 2023
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1210286

This update for rsyslog fixes the following issue:

- fix rsyslog crash in imrelp (bsc#1210286)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4467-1
Released: Thu Nov 16 17:57:51 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1216377,CVE-2023-45803

This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4476-1
Released: Fri Nov 17 08:05:43 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1215145,1215474,1215746,1215747,1215748,1216654,1216807,CVE-2023-20588,CVE-2023-34322,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328,CVE-2023-46835,CVE-2023-46836

This update for xen fixes the following issues:

- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4477-1
Released: Fri Nov 17 10:21:21 2023
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1216010,1216075,1216253

This update for grub2 fixes the following issues:

- Fix failure to identify recent ext4 filesystem (bsc#1216010)
- Fix reading files from btrfs with 'implicit' holes
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
- Fix detection of encrypted disk's uuid in powerpc (bsc#1216075)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4503-1
Released: Tue Nov 21 13:25:12 2023
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473

This update for avahi fixes the following issues:

- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released: Tue Nov 21 17:30:27 2023
Summary: Security update for python3-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released: Thu Nov 23 08:13:57 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4583-1
Released: Mon Nov 27 10:16:11 2023
Summary: Feature update for python-psutil
Type: feature
Severity: moderate
References: 1111622,1170175,1176785,1184753,1199282

This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS
- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released: Mon Nov 27 14:25:52 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535

This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- grub2-i386-pc-2.06-150400.11.41.1 updated
- grub2-x86_64-efi-2.06-150400.11.41.1 updated
- grub2-2.06-150400.11.41.1 updated
- kernel-default-5.14.21-150400.24.97.1 updated
- libavahi-client3-0.8-150400.7.10.1 updated
- libavahi-common3-0.8-150400.7.10.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libjansson4-2.14-150000.3.5.1 updated
- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libxml2-2-2.9.14-150400.5.25.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated
- pciutils-3.5.6-150300.13.6.1 updated
- python-instance-billing-flavor-check-0.0.4-150400.1.1 updated
- python3-requests-2.25.1-150300.3.6.1 updated
- python3-setuptools-44.1.1-150400.9.6.1 updated
- python3-urllib3-1.25.10-150300.4.9.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.21.1 updated
- rsyslog-8.2306.0-150400.5.21.1 updated
- vim-data-common-9.0.2103-150000.5.57.1 updated
- vim-9.0.2103-150000.5.57.1 updated
- xen-libs-4.16.5_08-150400.4.40.1 updated
- zypper-1.14.66-150400.3.35.1 updated

From sle-security-updates at lists.suse.com Wed Nov 29 08:01:14 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 09:01:14 +0100 (CET)
Subject: SUSE-IU-2023:847-1: Security update of suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64
Message-ID: <20231129080114.CFD28FBA9@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:847-1
Image Tags : suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64:20231127
Image Release :
Severity : important
Type : security
References : 1027519 1041742 1111622 1170175 1176785 1184753 1196647 1199282 1203760 1206480 1206667 1206684 1208788 1209998 1210286 1210557 1210778 1211307 1211427 1212101 1212422 1212423 1212649 1213705 1213772 1213915 1214052 1214460 1214842 1215095 1215104 1215145 1215265 1215427 1215474 1215518 1215746 1215747 1215748 1215940 1215947 1215955 1215956 1215957 1215979 1215986 1216001 1216010 1216062 1216075 1216091 1216129 1216167 1216253 1216345 1216377 1216419 1216510 1216511 1216512 1216541 1216621 1216654 1216664 1216696 1216807 1216922 CVE-2022-40897 CVE-2023-20588 CVE-2023-2163 CVE-2023-31085 CVE-2023-34322 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3777 CVE-2023-38470 CVE-2023-38473 CVE-2023-39189 CVE-2023-39193 CVE-2023-4039 CVE-2023-45322 CVE-2023-45803 CVE-2023-46246 CVE-2023-46835 CVE-2023-46836 CVE-2023-5178 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 CVE-2023-5678
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20231127-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released: Mon Oct 30 16:51:57 2023
Summary: Recommended update for pciutils
Type: recommended
Severity: important
References: 1215265

This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This update for libtirpc to 1.3.4 fixes the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of
  address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4378-1
Released: Mon Nov 6 14:54:59 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1208788,1210778,1211307,1212423,1212649,1213705,1213772,1214842,1215095,1215104,1215518,1215955,1215956,1215957,1215986,1216062,1216345,1216510,1216511,1216512,1216621,CVE-2023-2163,CVE-2023-31085,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39193,CVE-2023-5178

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter nf_tables component that could be exploited to achieve local privilege escalation. (bsc#1215095)

The following non-security bugs were fixed:

- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released: Wed Nov 15 10:55:20 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4453-1
Released: Wed Nov 15 14:24:58 2023
Summary: Recommended update for libjansson
Type: recommended
Severity: moderate
References: 1216541

This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4460-1
Released: Thu Nov 16 15:00:20 2023
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1210286

This update for rsyslog fixes the following issue:

- fix rsyslog crash in imrelp (bsc#1210286)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4467-1
Released: Thu Nov 16 17:57:51 2023
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1216377,CVE-2023-45803

This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4476-1
Released: Fri Nov 17 08:05:43 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1215145,1215474,1215746,1215747,1215748,1216654,1216807,CVE-2023-20588,CVE-2023-34322,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328,CVE-2023-46835,CVE-2023-46836

This update for xen fixes the following issues:

- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4477-1
Released: Fri Nov 17 10:21:21 2023
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1216010,1216075,1216253

This update for grub2 fixes the following issues:

- Fix failure to identify recent ext4 filesystem (bsc#1216010)
- Fix reading files from btrfs with 'implicit' holes
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
- Fix detection of encrypted disk's uuid in powerpc (bsc#1216075)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4503-1
Released: Tue Nov 21 13:25:12 2023
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473

This update for avahi fixes the following issues:

- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released: Tue Nov 21 17:30:27 2023
Summary: Security update for python3-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4524-1
Released: Tue Nov 21 17:51:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released: Thu Nov 23 08:13:57 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4537-1
Released: Thu Nov 23 09:34:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4583-1
Released: Mon Nov 27 10:16:11 2023
Summary: Feature update for python-psutil
Type: feature
Severity: moderate
References: 1111622,1170175,1176785,1184753,1199282

This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS
- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released: Mon Nov 27 14:25:52 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535

This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- grub2-i386-pc-2.06-150400.11.41.1 updated
- grub2-x86_64-efi-2.06-150400.11.41.1 updated
- grub2-x86_64-xen-2.06-150400.11.41.1 updated
- grub2-2.06-150400.11.41.1 updated
- kernel-default-5.14.21-150400.24.97.1 updated
- libavahi-client3-0.8-150400.7.10.1 updated
- libavahi-common3-0.8-150400.7.10.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libjansson4-2.14-150000.3.5.1 updated
- libopenssl1_1-1.1.1l-150400.7.60.2 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libtirpc-netconfig-1.3.4-150300.3.20.1 updated
- libtirpc3-1.3.4-150300.3.20.1 updated
- libxml2-2-2.9.14-150400.5.25.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- openssl-1_1-1.1.1l-150400.7.60.2 updated
- pciutils-3.5.6-150300.13.6.1 updated
- python-instance-billing-flavor-check-0.0.4-150400.1.1 updated
- python3-requests-2.25.1-150300.3.6.1 updated
- python3-setuptools-44.1.1-150400.9.6.1 updated
- python3-urllib3-1.25.10-150300.4.9.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.21.1 updated
- rsyslog-8.2306.0-150400.5.21.1 updated
- vim-data-common-9.0.2103-150000.5.57.1 updated
- vim-9.0.2103-150000.5.57.1 updated
- xen-libs-4.16.5_08-150400.4.40.1 updated
- xen-tools-domU-4.16.5_08-150400.4.40.1 updated
- zypper-1.14.66-150400.3.35.1 updated

From sle-security-updates at lists.suse.com Wed Nov 29 12:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 12:30:03 -0000
Subject: SUSE-SU-2023:4609-1: moderate: Security update for python-azure-storage-queue
Message-ID: <170126100312.4959.7677962082278422200@smelt2.prg2.suse.org>

# Security update for python-azure-storage-queue

Announcement ID: SUSE-SU-2023:4609-1
Rating: moderate

References:

* bsc#1202088

Cross-References:

* CVE-2022-30187

CVSS scores:

* CVE-2022-30187 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-30187 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Manager Proxy 4.0
* SUSE Manager Proxy 4.1
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Server 4.0
* SUSE Manager Server 4.1

An update that solves one vulnerability can now be installed.

## Description:

This update for python-azure-storage-queue fixes the following issues:

* CVE-2022-30187: Fixed information disclosure vulnerability (bsc#1202088).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4609=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4609=1 ## Package List: * Public Cloud Module 15-SP2 (noarch) * python2-azure-storage-queue-12.4.0-150100.3.7.1 * Public Cloud Module 15-SP1 (noarch) * python2-azure-storage-queue-12.4.0-150100.3.7.1 * python3-azure-storage-queue-12.4.0-150100.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2022-30187.html * https://bugzilla.suse.com/show_bug.cgi?id=1202088 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-security-updates at lists.suse.com Wed Nov 29 12:30:04 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Nov 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4608-1: moderate: Security update for python-Twisted Message-ID: <170126100493.4959.13918594490175793381@smelt2.prg2.suse.org> # Security update for python-Twisted Announcement ID: SUSE-SU-2023:4608-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be 
installed. ## Description: This update for python-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4608=1 openSUSE-SLE-15.4-2023-4608=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4608=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4608=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4608=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 * openSUSE Leap 15.5 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 * Python 3 Module 15-SP4 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * 
python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 * Python 3 Module 15-SP5 (noarch) * python311-Twisted-22.10.0-150400.5.13.1 * python311-Twisted-conch_nacl-22.10.0-150400.5.13.1 * python311-Twisted-serial-22.10.0-150400.5.13.1 * python311-Twisted-tls-22.10.0-150400.5.13.1 * python311-Twisted-contextvars-22.10.0-150400.5.13.1 * python311-Twisted-http2-22.10.0-150400.5.13.1 * python311-Twisted-conch-22.10.0-150400.5.13.1 * python311-Twisted-all_non_platform-22.10.0-150400.5.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 From sle-security-updates at lists.suse.com Wed Nov 29 12:30:07 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Nov 2023 12:30:07 -0000 Subject: SUSE-SU-2023:4607-1: moderate: Security update for python3-Twisted Message-ID: <170126100707.4959.16870597589719313270@smelt2.prg2.suse.org> # Security update for python3-Twisted Announcement ID: SUSE-SU-2023:4607-1 Rating: moderate References: * bsc#1216588 Cross-References: * CVE-2023-46137 CVSS scores: * CVE-2023-46137 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46137 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one
vulnerability can now be installed. ## Description: This update for python3-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4607=1 openSUSE-SLE-15.4-2023-4607=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4607=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4607=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4607=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python3-Twisted-22.2.0-150400.15.1 * python-Twisted-doc-22.2.0-150400.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.15.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.15.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46137.html * https://bugzilla.suse.com/show_bug.cgi?id=1216588 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-security-updates at lists.suse.com Wed Nov 29 15:11:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:11:47 +0100 (CET) Subject: SUSE-CU-2023:3915-1: Security update of caasp/v4/cilium Message-ID: <20231129151147.F30D0FD1F@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3915-1 Container Tags : caasp/v4/cilium:1.6.6 , caasp/v4/cilium:1.6.6-rev6 , caasp/v4/cilium:1.6.6-rev6-build3.17.1 Container Release : 3.17.1 Severity : critical Type : security References : 1040589 1041742 1065270 1082318 1087072 1089497 1099272 1099695 1115529 1121227 1121230 1122004 1122021 1127591 1128846 1142579 1148309 1158763 1159635 1160285 1162964 1172113 1172427 1173277 1174075 1174414 1174911 1177047 1178233 1180065 1180689 1180713 1180995 1181475 1181826 1181961 1181961 1182959 1183533 1184501 1185597 1185637 1185712 1187512 1187906 1188374 1189152 1189282 1189802 1190447 1190926 1191157 1191473 1191502 1191908 1192951 1193007 1193015 1193489 1193625 1193659 1193759 1193805 1193841 1193929 1194038 1194229 1194550 1194597 1194640 1194642 1194768 1194770 1194783 1194848 1194883 1194898 1195054 1195149 1195217 1195251 1195258 1195283 1195326 1195468 1195517 1195529 1195560 1195628 1195633 1195654 1195773 1195792 1195856 1195899 1195999 1196025 1196025 1196026 1196036 1196061 1196093 1196107 1196167 1196168 1196169 1196171 1196275 1196317 1196368 1196406 1196490 1196514 1196784 1196840 1196861 1196861 1196877 1196925 1196939 1197004 1197004 1197024 1197065 1197134 1197178 1197443 1197459 1197592 1197684 1197716 1197771 1197775 1197794 1198062 1198062 1198237 1198237 1198341 1198422 1198446 1198458 1198627 1198731 1198752 1198925 1199042 1199132 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1199492 1199524 1199895 1199918 1199926 1199927 1199944 1200170 1200441 1200441 1200485 
1200550 1200735 1200737 1200800 1200842 1200962 1200993 1201092 1201099 1201225 1201576 1201627 1201638 1201680 1201783 1201959 1201972 1201978 1202020 1202175 1202593 1202816 1202966 1202967 1202969 1203248 1203249 1203438 1203649 1203652 1203652 1203715 1203760 1204111 1204112 1204113 1204357 1204366 1204367 1204383 1204505 1204548 1204585 1204585 1204690 1204708 1204956 1205126 1205145 1205570 1205636 1205646 1206080 1206309 1206337 1206346 1206346 1206412 1206480 1206480 1206513 1206556 1206579 1206684 1206684 1206949 1207533 1207534 1207534 1207536 1207992 1208037 1208038 1208040 1208067 1208329 1208409 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209642 1209873 1209878 1210096 1210297 1210323 1210411 1210412 1210434 1210507 1210557 1210557 1210593 1210733 1210740 1210870 1211079 1211231 1211232 1211233 1211261 1211339 1211419 1211427 1211427 1211430 1211604 1211605 1211606 1211607 1211661 1211945 1211946 1211947 1211948 1211951 1212101 1212101 1212126 1212187 1212187 1212222 1212422 1212475 1212475 1212475 1212475 1213231 1213282 1213458 1213487 1213517 1213557 1213673 1213853 1213854 1213865 1213915 1213915 1214025 1214052 1214052 1214052 1214052 1214054 1214290 1214292 1214395 1214460 1214460 1214565 1214567 1214579 1214580 1214604 1214611 1214619 1214620 1214623 1214624 1214625 1214768 1214806 1215007 1215286 1215427 1215505 1215713 1215979 1216006 1216006 1216091 1216129 1216174 1216378 1216664 1216922 CVE-2015-8985 CVE-2016-3709 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2018-7738 CVE-2019-1010204 CVE-2019-19906 CVE-2019-2708 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2020-19726 CVE-2020-29362 CVE-2021-20206 CVE-2021-20206 CVE-2021-22570 CVE-2021-28153 CVE-2021-32256 CVE-2021-3530 CVE-2021-3541 CVE-2021-3648 CVE-2021-36690 CVE-2021-3826 CVE-2021-3999 CVE-2021-4209 CVE-2021-45078 CVE-2021-46195 CVE-2021-46828 CVE-2021-46848 CVE-2022-0778 CVE-2022-1271 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 
CVE-2022-1586 CVE-2022-1664 CVE-2022-1706 CVE-2022-2068 CVE-2022-2097 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-2509 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-27781 CVE-2022-27782 CVE-2022-27943 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35205 CVE-2022-35206 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-4285 CVE-2022-42898 CVE-2022-4304 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-44840 CVE-2022-45703 CVE-2022-46908 CVE-2022-47629 CVE-2022-47673 CVE-2022-47695 CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2022-48468 CVE-2022-4899 CVE-2022-4904 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-1579 CVE-2023-1972 CVE-2023-2222 CVE-2023-23916 CVE-2023-25585 CVE-2023-25587 CVE-2023-25588 CVE-2023-2603 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-29499 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 CVE-2023-3446 CVE-2023-34969 CVE-2023-35945 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-4156 CVE-2023-44487 CVE-2023-45322 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 CVE-2023-5678 ----------------------------------------------------------------- The container caasp/v4/cilium was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). 
- Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. 
(bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:845-1
Released: Tue Mar 15 11:40:52 2022
Summary: Security update for chrony
Type: security
Severity: moderate
References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367
This update for chrony fixes the following issues:

Chrony was updated to 4.1, bringing features and bugfixes.

Update to 4.1

* Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE server

- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].

Update to 4.0

- Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented configuration
  - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q option
  - Avoid replacing NTP sources with sources that have unreachable address
  - Improve pools to repeat name resolution to get 'maxsources' sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state to online
  - Update clock synchronisation status and leap status more frequently
  - Update seccomp filter
  - Add 'add pool' command
  - Add 'reset sources' command to drop all measurements
  - Add authdata command to print details about NTP authentication
  - Add selectdata command to print details about source selection
  - Add -N option and sourcename command to print original names of sources
  - Add -a option to some commands to print also unresolved sources
  - Add -k, -p, -r options to clients command to select, limit, reset data
- Bug fixes
  - Don't set interface for NTP responses to allow asymmetric routing
  - Handle RTCs that don't support interrupts
  - Respond to command requests with correct address on multihomed hosts
- Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3')
  - Drop support for line editing with GNU Readline

- By default we don't write log files but log to journald, so only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277).

Update to 3.5.1:

* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113).

Update to 3.5:

+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems

- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.

Update to version 3.4

* Enhancements
  + Add filter option to server/pool/peer directive
  + Add minsamples and maxsamples options to hwtimestamp directive
  + Add support for faster frequency adjustments in Linux 4.19
  + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit
  + Disable sub-second polling intervals for distant NTP sources
  + Extend range of supported sub-second polling intervals
  + Get/set IPv4 destination/source address of NTP packets on FreeBSD
  + Make burst options and command useful with short polling intervals
  + Modify auto_offline option to activate when sending request failed
  + Respond from interface that received NTP request if possible
  + Add onoffline command to switch between online and offline state according to current system network configuration
  + Improve example NetworkManager dispatcher script
* Bug fixes
  + Avoid waiting in Linux getrandom system call
  + Fix PPS support on FreeBSD and NetBSD

Update to version 3.3

* Enhancements:
  + Add burst option to server/pool directive
  + Add stratum and tai options to refclock directive
  + Add support for Nettle crypto library
  + Add workaround for missing kernel receive timestamps on Linux
  + Wait for late hardware transmit timestamps
  + Improve source selection with unreachable sources
  + Improve protection against replay attacks on symmetric mode
  + Allow PHC refclock to use socket in /var/run/chrony
  + Add shutdown command to stop chronyd
  + Simplify format of response to manual list command
  + Improve handling of unknown responses in chronyc
* Bug fixes:
  + Respond to NTPv1 client requests with zero mode
  + Fix -x option to not require CAP_SYS_TIME under non-root user
  + Fix acquisitionport directive to work with privilege separation
  + Fix handling of socket errors on Linux to avoid high CPU usage
  + Fix chronyc to not get stuck in infinite loop after clock step

----------------------------------------------------------------- Advisory ID:
SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1021-1
Released: Tue Mar 29 13:24:21 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1195899
This update for systemd fixes the following issues:

- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where the variable is not freed. This patch inserts freeaddrinfo() calls before each 'return NO;'. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. 
(bsc#1172427)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1131-1
Released: Fri Apr 8 09:43:53 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv to 0.7.22:

- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1250-1 Released: Sun Apr 17 15:39:47 2022 Summary: Security update for gzip Type: security Severity: important References: 1177047,1180713,1198062,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. 
(bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. 
(bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1656-1 Released: Fri May 13 15:38:02 2022 Summary: Recommended update for llvm7 Type: recommended Severity: moderate References: 1197775 This update for llvm7 fixes the following issues: - Backport fixes and changes from Factory. (bsc#1197775) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package. - Fix build with linux-glibc-devel 5.13. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1674-1 Released: Mon May 16 10:12:11 2022 Summary: Security update for gzip Type: security Severity: important References: CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. 
(bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1191157,1197004,1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Bugfixes: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. 
openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1851-1 Released: Thu May 26 08:59:55 2022 Summary: Recommended update for gcc8 Type: recommended Severity: moderate References: 1197716 This update for gcc8 fixes the following issues: - Fix build against SP4. (bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2471-1 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1148309,1191502,1195529,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2571-1 Released: Thu Jul 28 04:20:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the 
download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2829-1 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). 
- CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2830-1 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Type: security Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. 
By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2905-1 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2991-1 Released: Thu Sep 1 16:04:30 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1198752,1200800,1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which could be exploited by remote attackers to prevent applications using the library from accepting new connections (bsc#1201680). Non-security fixes: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No code changes were done in this update. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3129-1 Released: Wed Sep 7 04:42:53 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3144-1 Released: Wed Sep 7 11:04:23 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3221-1 Released: Fri Sep 9 04:31:28 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. 
zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3566-1 Released: Tue Oct 11 16:19:09 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent 
function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3774-1 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). 
Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3882-1 Released: Mon Nov 7 09:06:03 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3975-1 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959 This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. 
These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. 
* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Setting the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. 
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4155-1 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4214-1 Released: Thu Nov 24 16:17:31 2022 Summary: Security update for libdb-4_8 Type: security Severity: low References: 1174414,CVE-2019-2708 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4592-1 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4593-1 Released: Tue Dec 20 16:55:16 2022 Summary: Security update for cni-plugins Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:308-1 Released: Tue Feb 7 17:33:37 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:446-1 Released: Fri Feb 17 09:52:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:787-1 Released: Thu Mar 16 19:37:18 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. 
This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. 
- Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1748-1 Released: Tue Apr 4 09:06:59 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1908-1 Released: Wed Apr 19 08:38:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878). - CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1979-1 Released: Tue Apr 25 09:36:43 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. 
(bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1991-1 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285,1210096 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2068-1 Released: Fri Apr 28 13:55:00 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on sysctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2226-1 Released: Wed May 17 09:55:49 2023 Summary: Security update for curl Type: security Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). 
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2248-1 Released: Thu May 18 17:06:33 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. 
- Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2324-1 Released: Tue May 30 15:52:17 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1200441 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2325-1 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Type: security Severity: important References: 1200441 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2327-1 Released: Tue May 30 16:44:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2472-1 Released: Thu Jun 8 10:05:45 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1211661 This update for libzypp fixes the following issues: - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing - Update to version 17.31.12 (22) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2496-1 Released: Tue Jun 13 15:19:20 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1212187 This update for libzypp fixes the following issue: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2622-1 Released: Fri Jun 23 13:42:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. 
The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2644-1 Released: Tue Jun 27 09:23:49 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - build: honor libproxy.pc's includedir (bsc#1212222) - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2868-1 Released: Tue Jul 18 11:35:52 2023 Summary: Security update for cni Type: security Severity: important References: 1206346 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2869-1 Released: Tue Jul 18 11:39:26 2023 Summary: Security update for cni-plugins Type: security Severity: important References: 1206346 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2955-1 Released: Tue Jul 25 05:22:54 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1193015 This update for util-linux fixes the following issues: - Fix memory leak on parse errors in libmount. (bsc#1193015) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2961-1 Released: Tue Jul 25 09:32:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2998-1 Released: Thu Jul 27 08:39:49 2023 Summary: Recommended update for libdb-4_8 Type: recommended Severity: moderate References: 1099695 This update for libdb-4_8 fixes the following issues: - Fix incomplete license tag (bsc#1099695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3068-1 Released: Mon Jul 31 16:33:43 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Don't pass zero-length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3191-1 Released: Fri Aug 4 06:29:08 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3434-1 Released: Thu Aug 24 
15:05:22 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out-of-bounds read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3513-1 Released: Fri Sep 1 15:47:41 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3535-1 Released: Tue Sep 5 14:46:31 2023 Summary: Security update for glib2 Type: security Severity: important References: 
1183533,1211945,1211946,1211947,1211948,1211951,CVE-2021-28153,CVE-2023-29499,CVE-2023-32611,CVE-2023-32636,CVE-2023-32643,CVE-2023-32665

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533)
- CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945)
- CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946)
- CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). (bsc#1211947)
- CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948)
- CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. (bsc#1211951)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3686-1
Released: Tue Sep 19 17:23:03 2023
Summary: Security update for gcc7
Type: security
Severity: important
References: 1195517,1196861,1204505,1205145,1214052,CVE-2023-4039

This update for gcc7 fixes the following issues:

Security issue fixed:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

Other fixes:

- Fixed KASAN kernel compile. [bsc#1205145]
- Fixed ICE with C++17 code as reported in [bsc#1204505]
- Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
- Adjust gnats idea of the target, fixing the build of gprbuild.
[bsc#1196861]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3698-1
Released: Wed Sep 20 11:01:15 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3815-1
Released: Wed Sep 27 18:20:25 2023
Summary: Security update for cni
Type: security
Severity: important
References: 1212475

This update of cni fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3816-1
Released: Wed Sep 27 18:25:44 2023
Summary: Security update for cni-plugins
Type: security
Severity: important
References: 1212475

This update of cni-plugins fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3825-1
Released: Wed Sep 27 18:48:53 2023
Summary: Security update for binutils
Type: security
Severity: important
References: 1200962,1206080,1206556,1208037,1208038,1208040,1208409,1209642,1210297,1210733,1213458,1214565,1214567,1214579,1214580,1214604,1214611,1214619,1214620,1214623,1214624,1214625,CVE-2020-19726,CVE-2021-32256,CVE-2022-35205,CVE-2022-35206,CVE-2022-4285,CVE-2022-44840,CVE-2022-45703,CVE-2022-47673,CVE-2022-47695,CVE-2022-47696,CVE-2022-48063,CVE-2022-48064,CVE-2022-48065,CVE-2023-0687,CVE-2023-1579,CVE-2023-1972,CVE-2023-2222,CVE-2023-25585,CVE-2023-25587,CVE-2023-25588

This update for binutils fixes the following issues:

Update to version 2.41 [jsc#PED-5778]:

* The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions.
* Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers.
* New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
* SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump.
* Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file.
* The RISC-V port now supports the following new standard extensions:
  - Zicond (conditional zero instructions)
  - Zfa (additional floating-point instructions)
  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
* The RISC-V port now supports the following vendor-defined extensions:
  - XVentanaCondOps
* Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
* A new .insn directive is recognized by x86 gas.
* Add SME2 support to the AArch64 port.
* The linker now accepts a command line option of --remap-inputs = to replace any input file that matches with . In addition the option --remap-inputs-file= can be used to specify a file containing any number of these remapping directives.
* The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only).
* For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section.
* The linker script syntax has a new command for output sections: ASCIZ 'string' This will insert a zero-terminated string at the current location.
* Add command-line option, -z nosectionheader, to omit ELF section header.
- Contains fixes for these non-CVEs (not security bugs per upstream's SECURITY.md):
  * bsc#1209642 aka CVE-2023-1579 aka PR29988
  * bsc#1210297 aka CVE-2023-1972 aka PR30285
  * bsc#1210733 aka CVE-2023-2222 aka PR29936
  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
  * bsc#1214565 aka CVE-2020-19726 aka PR26240
  * bsc#1214567 aka CVE-2022-35206 aka PR29290
  * bsc#1214579 aka CVE-2022-35205 aka PR29289
  * bsc#1214580 aka CVE-2022-44840 aka PR29732
  * bsc#1214604 aka CVE-2022-45703 aka PR29799
  * bsc#1214611 aka CVE-2022-48065 aka PR29925
  * bsc#1214619 aka CVE-2022-48064 aka PR29922
  * bsc#1214620 aka CVE-2022-48063 aka PR29924
  * bsc#1214623 aka CVE-2022-47696 aka PR29677
  * bsc#1214624 aka CVE-2022-47695 aka PR29846
  * bsc#1214625 aka CVE-2022-47673 aka PR29876
- This existed only for a very short while in SLE-15, as the main variant in devel:gcc subsumed this in binutils-revert-rela.diff. Hence:
- Document fixed CVEs:
  * bsc#1208037 aka CVE-2023-25588 aka PR29677
  * bsc#1208038 aka CVE-2023-25587 aka PR29846
  * bsc#1208040 aka CVE-2023-25585 aka PR29892
  * bsc#1208409 aka CVE-2023-0687 aka PR29444
- Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets.
- Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556]
- Disable ZSTD debug section compress by default.
- Enable zstd compression algorithm (instead of zlib) for debug info sections by default.
- Pack libgprofng only for supported platforms.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing of the package).
- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]

Update to version 2.40:

* Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown).
* Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default.
* DCO signed contributions are now accepted.
* objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd.
* addr2line and objdump --dwarf now support zstd compressed debug sections.
* The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured.
* readelf and objdump now have a newly added option --sframe which dumps the SFrame section.
* Add support for Intel RAO-INT instructions.
* Add support for Intel AVX-NE-CONVERT instructions.
* Add support for Intel MSRLIST instructions.
* Add support for Intel WRMSRNS instructions.
* Add support for Intel CMPccXADD instructions.
* Add support for Intel AVX-VNNI-INT8 instructions.
* Add support for Intel AVX-IFMA instructions.
* Add support for Intel PREFETCHI instructions.
* Add support for Intel AMX-FP16 instructions.
* gas now supports --compress-debug-sections=zstd to compress debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections.
* Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1.
* Add support for the RISC-V Zawrs extension, version 1.0-rc4.
* Add support for Cortex-X1C for Arm.
* New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets.
* The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings.
* ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections.
* Remove support for -z bndplt (MPX prefix instructions).
- Includes fixes for these CVEs:
  * bsc#1206080 aka CVE-2022-4285 aka PR29699
- Enable by default: --enable-colored-disassembly.
- fix build on x86_64_vX platforms

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3937-1
Released: Tue Oct 3 11:33:38 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3958-1
Released: Wed Oct 4 09:16:06 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value.
(bsc#1213853)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4025-1
Released: Tue Oct 10 13:41:02 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4047-1
Released: Wed Oct 11 10:40:26 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1215286,1215505,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Other changes:

- Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
- Run vismain only if linker supports protected data symbol (bsc#1215505)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4126-1
Released: Thu Oct 19 09:38:31 2023
Summary: Security update for cni
Type: security
Severity: important
References: 1212475,1216006

This update of cni fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4127-1
Released: Thu Oct 19 09:43:23 2023
Summary: Security update for cni-plugins
Type: security
Severity: important
References: 1212475,1216006

This update of cni-plugins fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4512-1
Released: Tue Nov 21 17:25:02 2023
Summary: Security update for util-linux
Type: security
Severity: important
References: 1213865,CVE-2018-7738

This update for util-linux fixes the following issues:

- CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4520-1
Released: Tue Nov 21 17:42:13 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4536-1
Released: Thu Nov 23 08:19:05 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4613-1
Released: Wed Nov 29 15:46:24 2023
Summary: Updates Cilium
Type: security
Severity: important
References: 1215713,1216174,CVE-2023-35945,CVE-2023-44487

Updates Cilium addon as it got rebuilt to include a couple of security fixes

The following
package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated - binutils-2.41-150100.7.46.1 updated - cilium-proxy-20200109-150100.3.3.14.1 updated - clang7-7.0.1-150100.3.22.2 updated - cni-plugins-0.8.6-150100.3.20.1 updated - cni-0.7.1-150100.3.16.1 updated - coreutils-8.29-4.3.1 updated - cpp7-7.5.0+r278197-150000.4.35.1 updated - dbus-1-1.12.2-150100.8.17.1 updated - filesystem-15.0-11.8.1 updated - gawk-4.2.1-150000.3.3.1 updated - gcc7-7.5.0+r278197-150000.4.35.1 updated - glibc-32bit-2.26-150000.13.70.1 updated - glibc-devel-32bit-2.26-150000.13.70.1 updated - glibc-devel-2.26-150000.13.70.1 updated - glibc-2.26-150000.13.70.1 updated - gpg2-2.2.5-150000.4.22.1 updated - grep-3.1-150000.4.6.1 updated - gzip-1.10-150000.4.15.1 updated - krb5-1.16.3-150100.3.30.1 updated - libLLVM7-7.0.1-150100.3.22.2 updated - libLTO7-7.0.1-150100.3.22.2 updated - libasan4-7.5.0+r278197-150000.4.35.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libatomic1-13.2.1+git7813-150000.1.6.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.33.2-150100.4.40.1 updated - libcap2-2.26-150000.4.9.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcilkrts5-7.5.0+r278197-150000.4.35.1 updated - libclang7-7.0.1-150100.3.22.2 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcryptsetup12-2.0.6-150100.4.6.1 updated - libctf-nobfd0-2.41-150100.7.46.1 updated - libctf0-2.41-150100.7.46.1 updated - libcurl4-7.60.0-150000.51.1 updated - libdb-4_8-4.8.30-150000.7.9.1 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.33.2-150100.4.40.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libglib-2_0-0-2.54.3-150000.4.29.1 updated - libgnutls30-3.6.7-150000.6.45.2 updated - libgomp1-13.2.1+git7813-150000.1.6.1 updated - libgpgme11-1.10.0-150000.4.6.2 updated - libitm1-13.2.1+git7813-150000.1.6.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libldap-2_4-2-2.4.46-150000.9.74.3 
updated - libldap-data-2.4.46-150000.9.74.3 updated - liblsan0-13.2.1+git7813-150000.1.6.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.40.1 updated - libmpx2-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-8.2.1+r264010-150000.1.6.4 updated - libncurses6-6.1-150000.5.15.1 updated - libnghttp2-14-1.40.0-150000.3.17.1 updated - libopenssl1_1-1.1.0i-150100.14.68.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libprotobuf-c-devel-1.3.0-150000.3.3.1 updated - libprotobuf-c1-1.3.0-150000.3.3.1 updated - libprotobuf-lite20-3.9.2-150100.8.3.3 added - libprotobuf15-3.5.0-5.5.1 updated - libprotoc15-3.5.0-5.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libsasl2-3-2.1.26-150000.5.13.1 updated - libsmartcols1-2.33.2-150100.4.40.1 updated - libsolv-tools-0.7.24-150100.4.12.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.35.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libsystemd0-234-150000.24.111.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.0.2-150000.3.18.1 updated - libtirpc3-1.0.2-150000.3.18.1 updated - libtsan0-11.3.0+git1637-150000.1.11.2 updated - libubsan0-7.5.0+r278197-150000.4.35.1 updated - libudev1-234-150000.24.111.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.33.2-150100.4.40.1 updated - libxml2-2-2.9.7-150000.3.63.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.48.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.22-150100.3.120.1 updated - llvm7-7.0.1-150100.3.22.2 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.0i-150100.14.68.1 added - openssl-1.1.0i-3.3.1 added - pam-1.3.0-150000.6.61.1 updated - perl-base-5.26.1-150000.7.15.1 updated - permissions-20181116-150100.9.41.1 updated - procps-3.3.15-150000.7.34.1 updated - 
protobuf-c-1.3.0-150000.3.3.1 updated - shadow-4.6-150100.3.11.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - systemd-234-150000.24.111.1 updated - terminfo-base-6.1-150000.5.15.1 updated - udev-234-150000.24.111.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-2.33.2-150100.4.40.1 updated - zypper-1.14.66-150100.3.90.1 updated - container:sles15-image-15.0.0-6.2.848 updated - libprotobuf-lite15-3.5.0-5.2.1 removed From sle-security-updates at lists.suse.com Wed Nov 29 15:11:57 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Nov 2023 16:11:57 +0100 (CET) Subject: SUSE-CU-2023:3916-1: Security update of caasp/v4/cilium-operator Message-ID: <20231129151157.1598EFD1F@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3916-1 Container Tags : caasp/v4/cilium-operator:1.6.6 , caasp/v4/cilium-operator:1.6.6-rev6 , caasp/v4/cilium-operator:1.6.6-rev6-build3.17.1 Container Release : 3.17.1 Severity : critical Type : security References : 1040589 1041742 1065270 1082318 1089497 1099272 1115529 1121227 1121230 1122004 1122021 1127591 1128846 1148309 1158763 1159635 1160285 1162964 1172113 1172427 1173277 1174075 1174911 1178233 1180065 1180689 1180995 1181475 1181826 1182959 1183533 1184501 1185637 1187512 1187906 1189152 1189282 1189802 1190447 1190926 1191157 1191502 1192951 1193007 1193015 1193489 1193625 1193659 1193759 1193805 1193841 1194038 1194229 1194550 1194597 1194640 1194642 1194768 1194770 1194848 1194883 1194898 1195149 1195283 1195326 1195468 1195529 1195560 1195628 1195633 1195773 1195792 1195856 1195899 1195999 1196036 1196061 1196093 1196107 1196167 1196275 1196317 1196368 1196406 1196490 1196514 1196840 1196861 1196877 1196925 1196939 1197004 1197004 1197024 1197065 
1197134 1197178 1197443 1197459 1197684 1197771 1197794 1198062 1198341 1198446 1198627 1198731 1198752 1198925 1199042 1199132 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1199492 1199895 1199918 1199926 1199927 1200170 1200550 1200735 1200737 1200800 1200842 1200993 1201092 1201099 1201225 1201576 1201627 1201638 1201680 1201783 1201959 1201972 1201978 1202020 1202175 1202593 1203248 1203249 1203649 1203652 1203652 1203715 1203760 1204357 1204366 1204367 1204383 1204548 1204585 1204585 1204690 1204956 1205126 1205570 1205636 1205646 1206309 1206337 1206412 1206480 1206480 1206513 1206579 1206684 1206684 1206949 1207533 1207534 1207534 1207536 1207992 1208329 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209873 1209878 1210096 1210411 1210412 1210434 1210507 1210557 1210557 1210593 1210740 1210870 1211231 1211232 1211233 1211261 1211339 1211419 1211427 1211427 1211430 1211661 1211945 1211946 1211947 1211948 1211951 1212101 1212101 1212187 1212187 1212222 1212422 1213231 1213487 1213517 1213557 1213673 1213853 1213854 1213865 1213915 1213915 1214052 1214052 1214052 1214054 1214290 1214292 1214395 1214460 1214460 1214768 1214806 1215007 1215286 1215427 1215505 1215979 1216091 1216129 1216378 1216664 1216922 CVE-2015-8985 CVE-2016-3709 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2018-7738 CVE-2019-19906 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2020-29362 CVE-2021-28153 CVE-2021-3541 CVE-2021-36690 CVE-2021-3999 CVE-2021-4209 CVE-2021-46828 CVE-2021-46848 CVE-2022-0778 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-24407 CVE-2022-2509 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-4304 CVE-2022-43552 
CVE-2022-46908 CVE-2022-47629 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-23916 CVE-2023-2603 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-45322 CVE-2023-45853 CVE-2023-4641 CVE-2023-4813 CVE-2023-5678 ----------------------------------------------------------------- The container caasp/v4/cilium-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. 
(bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. 
Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x 
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. 
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. 
(bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support querying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry. 
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. 
(bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1191157,1197004,1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Bugfixes: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. 
* includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2471-1 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1148309,1191502,1195529,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2571-1 Released: Thu Jul 28 04:20:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for 
libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2829-1 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2830-1 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Type: security Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2905-1 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2991-1 Released: Thu Sep 1 16:04:30 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1198752,1200800,1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which could be exploited by remote attackers to prevent applications using the library from accepting new connections (bsc#1201680). 
Non-security fixes: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No code changes were made in this update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3129-1 Released: Wed Sep 7 04:42:53 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3144-1 Released: Wed Sep 7 11:04:23 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3221-1 Released: Fri Sep 9 04:31:28 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3566-1 Released: Tue Oct 11 16:19:09 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3774-1 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). 
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3882-1 Released: Mon Nov 7 09:06:03 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. 
(bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3975-1 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959 This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4155-1 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:308-1 Released: Tue Feb 7 17:33:37 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:446-1 Released: Fri Feb 17 09:52:43 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:787-1 Released: Thu Mar 16 19:37:18 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. 
This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. 
- Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1748-1 Released: Tue Apr 4 09:06:59 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1908-1 Released: Wed Apr 19 08:38:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878). - CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1991-1 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285,1210096 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). 
The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2068-1 Released: Fri Apr 28 13:55:00 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on sysctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2226-1 Released: Wed May 17 09:55:49 2023 Summary: Security update for curl Type: security Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2248-1 Released: Thu May 18 17:06:33 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2327-1 Released: Tue May 30 16:44:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2472-1 Released: Thu Jun 8 10:05:45 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1211661 This update for libzypp fixes the following issues: - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing - Update to version 17.31.12 (22) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2496-1 Released: Tue Jun 13 15:19:20 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1212187 This update for libzypp fixes the following issue: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2622-1 Released: Fri Jun 23 13:42:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). 
- Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2644-1 Released: Tue Jun 27 09:23:49 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - build: honor libproxy.pc's includedir (bsc#1212222) - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. 
zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2955-1 Released: Tue Jul 25 05:22:54 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1193015 This update for util-linux fixes the following issues: - Fix memory leak on parse errors in libmount. (bsc#1193015) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2961-1 Released: Tue Jul 25 09:32:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3068-1 Released: Mon Jul 31 16:33:43 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Don't pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3434-1 Released: Thu Aug 24 15:05:22 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3513-1 Released: Fri Sep 1 15:47:41 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3535-1 Released: Tue Sep 5 14:46:31 2023 Summary: Security update for glib2 Type: security Severity: important References: 1183533,1211945,1211946,1211947,1211948,1211951,CVE-2021-28153,CVE-2023-29499,CVE-2023-32611,CVE-2023-32636,CVE-2023-32643,CVE-2023-32665 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533) - CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945) - CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946) - CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). (bsc#1211947) - CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948) - CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. 
(bsc#1211951) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3937-1 Released: Tue Oct 3 11:33:38 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3958-1 Released: Wed Oct 4 09:16:06 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. 
  (bsc#1213853)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4025-1
Released: Tue Oct 10 13:41:02 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4047-1
Released: Wed Oct 11 10:40:26 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1215286,1215505,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Other changes:

- Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
- Run vismain only if linker supports protected data symbol (bsc#1215505)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization.
  [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released: Thu Nov 16 17:56:12 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4512-1
Released: Tue Nov 21 17:25:02 2023
Summary: Security update for util-linux
Type: security
Severity: important
References: 1213865,CVE-2018-7738

This update for util-linux fixes the following issues:

- CVE-2018-7738: Fixed shell code injection in umount bash-completions (bsc#1213865).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4520-1
Released: Tue Nov 21 17:42:13 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4536-1
Released: Thu Nov 23 08:19:05 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated
- coreutils-8.29-4.3.1 updated
- filesystem-15.0-11.8.1 updated
- glibc-2.26-150000.13.70.1 updated
- gpg2-2.2.5-150000.4.22.1 updated
- grep-3.1-150000.4.6.1 updated
- krb5-1.16.3-150100.3.30.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.33.2-150100.4.40.1 updated
- libcap2-2.26-150000.4.9.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcurl4-7.60.0-150000.51.1 updated
- libfdisk1-2.33.2-150100.4.40.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libglib-2_0-0-2.54.3-150000.4.29.1 updated
- libgnutls30-3.6.7-150000.6.45.2 updated
- libgpgme11-1.10.0-150000.4.6.2 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libldap-2_4-2-2.4.46-150000.9.74.3 updated
- libldap-data-2.4.46-150000.9.74.3 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.33.2-150100.4.40.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- libnghttp2-14-1.40.0-150000.3.17.1 updated
- libopenssl1_1-1.1.0i-150100.14.68.1 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-lite20-3.9.2-150100.8.3.3 added
- libpsl5-0.20.1-150000.3.3.1 updated
- libsasl2-3-2.1.26-150000.5.13.1 updated
- libsmartcols1-2.33.2-150100.4.40.1 updated
- libsolv-tools-0.7.24-150100.4.12.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libsystemd0-234-150000.24.111.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- libtirpc-netconfig-1.0.2-150000.3.18.1 updated
- libtirpc3-1.0.2-150000.3.18.1 updated
- libudev1-234-150000.24.111.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.33.2-150100.4.40.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- libzypp-17.31.22-150100.3.120.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- openssl-1_1-1.1.0i-150100.14.68.1 added
- openssl-1.1.0i-3.3.1 added
- pam-1.3.0-150000.6.61.1 updated
- perl-base-5.26.1-150000.7.15.1 updated
- permissions-20181116-150100.9.41.1 updated
- procps-3.3.15-150000.7.34.1 updated
- shadow-4.6-150100.3.11.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- util-linux-2.33.2-150100.4.40.1 updated
- zypper-1.14.66-150100.3.90.1 updated
- container:sles15-image-15.0.0-6.2.848 updated
- libprotobuf-lite15-3.5.0-5.2.1 removed

From sle-security-updates at lists.suse.com Wed Nov 29 16:30:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 16:30:03 -0000
Subject: SUSE-SU-2023:4614-1: important: Security update for java-1_8_0-ibm
Message-ID: <170127540305.4702.3467338083044386681@smelt2.prg2.suse.org>

# Security update for java-1_8_0-ibm

Announcement ID: SUSE-SU-2023:4614-1
Rating: important

References:

* bsc#1204264
* bsc#1216339
* bsc#1216374
* bsc#1216379
* bsc#1216640
* bsc#1217214

Cross-References:

* CVE-2023-22025
* CVE-2023-22067
* CVE-2023-22081
* CVE-2023-5676

CVSS scores:

* CVE-2023-22025 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22025 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves four vulnerabilities and has two security fixes can now be installed.

## Description:

This update for java-1_8_0-ibm fixes the following issues:

* Update to Java 8.0 Service Refresh 8 Fix Pack 15:
* Oracle October 17 2023 CPU [bsc#1216640]

Security fixes:

* CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374)
* CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379)
* CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339)
* CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214)

Bug fixes:

* IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4614=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4614=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4614=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4614=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc)
  * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.15-30.117.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22025.html
* https://www.suse.com/security/cve/CVE-2023-22067.html
* https://www.suse.com/security/cve/CVE-2023-22081.html
* https://www.suse.com/security/cve/CVE-2023-5676.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204264
* https://bugzilla.suse.com/show_bug.cgi?id=1216339
* https://bugzilla.suse.com/show_bug.cgi?id=1216374
* https://bugzilla.suse.com/show_bug.cgi?id=1216379
* https://bugzilla.suse.com/show_bug.cgi?id=1216640
* https://bugzilla.suse.com/show_bug.cgi?id=1217214

From sle-security-updates at lists.suse.com Wed Nov 29 16:30:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 16:30:05 -0000
Subject: SUSE-SU-2023:4613-1: important: Updates Cilium
Message-ID: <170127540566.4702.7239725191150069682@smelt2.prg2.suse.org>

# Updates Cilium

Announcement ID: SUSE-SU-2023:4613-1
Rating: important

References:

* bsc#1215713
* bsc#1216174

Cross-References:

* CVE-2023-35945
* CVE-2023-44487

CVSS scores:

* CVE-2023-35945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-35945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise Server 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

Updates Cilium addon as it got rebuilt to include a couple of security fixes

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

* SUSE CaaS Platform 4.0 (x86_64)
  * caasp-release-4.2.10-150100.24.55.2
  * skuba-1.4.17-150100.3.70.1
* SUSE CaaS Platform 4.0 (noarch)
  * release-notes-caasp-4.2.20231122-150100.4.85.1
  * skuba-update-1.4.17-150100.3.70.1

## References:

* https://www.suse.com/security/cve/CVE-2023-35945.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215713
* https://bugzilla.suse.com/show_bug.cgi?id=1216174

From sle-security-updates at lists.suse.com Wed Nov 29 16:30:07 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 16:30:07 -0000
Subject: SUSE-SU-2023:4612-1: moderate: Security update for java-1_8_0-openj9
Message-ID: <170127540796.4702.7993335403580698896@smelt2.prg2.suse.org>

# Security update for java-1_8_0-openj9

Announcement ID: SUSE-SU-2023:4612-1
Rating: moderate

References:

* bsc#1216374
* bsc#1216379
* bsc#1217214

Cross-References:

* CVE-2023-22067
* CVE-2023-22081
* CVE-2023-5676

CVSS scores:

* CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-5676 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5676 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves three
vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine

* CVE-2023-22067: Fixed an IOR deserialization issue in CORBA (bsc#1216379).
* CVE-2023-22081: Fixed a certificate path validation issue during client authentication (bsc#1216374).
* CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4612=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4612=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4612=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openj9-src-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-demo-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-headless-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-devel-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-devel-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-headless-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-accessibility-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-debugsource-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-demo-1.8.0.392-150200.3.39.1
* openSUSE Leap 15.4 (noarch)
  * java-1_8_0-openj9-javadoc-1.8.0.392-150200.3.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openj9-src-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-demo-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-headless-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-devel-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-devel-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-headless-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-accessibility-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-debugsource-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-demo-1.8.0.392-150200.3.39.1
* openSUSE Leap 15.5 (noarch)
  * java-1_8_0-openj9-javadoc-1.8.0.392-150200.3.39.1
* SUSE Package Hub 15 15-SP5 (ppc64le s390x)
  * java-1_8_0-openj9-src-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-demo-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-headless-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-devel-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-devel-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-headless-debuginfo-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-accessibility-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-debugsource-1.8.0.392-150200.3.39.1
  * java-1_8_0-openj9-demo-1.8.0.392-150200.3.39.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22067.html
* https://www.suse.com/security/cve/CVE-2023-22081.html
* https://www.suse.com/security/cve/CVE-2023-5676.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216374
* https://bugzilla.suse.com/show_bug.cgi?id=1216379
* https://bugzilla.suse.com/show_bug.cgi?id=1217214
From sle-security-updates at lists.suse.com Wed Nov 29 16:30:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Nov 2023 16:30:12 -0000
Subject: SUSE-SU-2023:4611-1: moderate: Security update for freerdp
Message-ID: <170127541295.4702.3219960278882023067@smelt2.prg2.suse.org>

# Security update for freerdp

Announcement ID: SUSE-SU-2023:4611-1
Rating: moderate

References:

* bsc#1214856
* bsc#1214857
* bsc#1214858
* bsc#1214859
* bsc#1214860
* bsc#1214862
* bsc#1214863
* bsc#1214864
* bsc#1214866
* bsc#1214867
* bsc#1214868
* bsc#1214869
* bsc#1214870
* bsc#1214871
* bsc#1214872

Cross-References:

* CVE-2023-39350
* CVE-2023-39351
* CVE-2023-39352
* CVE-2023-39353
* CVE-2023-39354
* CVE-2023-39356
* CVE-2023-40181
* CVE-2023-40186
* CVE-2023-40188
* CVE-2023-40567
* CVE-2023-40569
* CVE-2023-40574
* CVE-2023-40575
* CVE-2023-40576
* CVE-2023-40589

CVSS scores:

* CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39352 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39352 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39353 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39353 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39354 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39354 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39356 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40186 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40188 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40188 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40567 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40569 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40569 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40575 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40589 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-40589 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 15 vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
* CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).
* CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
* CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
* CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
* CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
* CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).
* CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).
* CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).
* CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867).
* CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868).
* CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).
* CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).
* CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).
* CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4611=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4611=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libfreerdp2-debuginfo-2.1.2-12.38.1
  * freerdp-debuginfo-2.1.2-12.38.1
  * libfreerdp2-2.1.2-12.38.1
  * freerdp-debugsource-2.1.2-12.38.1
  * libwinpr2-2.1.2-12.38.1
  * winpr2-devel-2.1.2-12.38.1
  * freerdp-devel-2.1.2-12.38.1
  * libwinpr2-debuginfo-2.1.2-12.38.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * freerdp-debuginfo-2.1.2-12.38.1
  * libfreerdp2-debuginfo-2.1.2-12.38.1
  * libfreerdp2-2.1.2-12.38.1
  * freerdp-server-2.1.2-12.38.1
  * freerdp-debugsource-2.1.2-12.38.1
  * freerdp-proxy-2.1.2-12.38.1
  * libwinpr2-2.1.2-12.38.1
  * freerdp-2.1.2-12.38.1
  * libwinpr2-debuginfo-2.1.2-12.38.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39350.html
* https://www.suse.com/security/cve/CVE-2023-39351.html
* https://www.suse.com/security/cve/CVE-2023-39352.html
* https://www.suse.com/security/cve/CVE-2023-39353.html
* https://www.suse.com/security/cve/CVE-2023-39354.html
* https://www.suse.com/security/cve/CVE-2023-39356.html
* https://www.suse.com/security/cve/CVE-2023-40181.html
* https://www.suse.com/security/cve/CVE-2023-40186.html
* https://www.suse.com/security/cve/CVE-2023-40188.html
* https://www.suse.com/security/cve/CVE-2023-40567.html
* https://www.suse.com/security/cve/CVE-2023-40569.html
* https://www.suse.com/security/cve/CVE-2023-40574.html
* https://www.suse.com/security/cve/CVE-2023-40575.html
* https://www.suse.com/security/cve/CVE-2023-40576.html
* https://www.suse.com/security/cve/CVE-2023-40589.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214856
* https://bugzilla.suse.com/show_bug.cgi?id=1214857
* https://bugzilla.suse.com/show_bug.cgi?id=1214858
* https://bugzilla.suse.com/show_bug.cgi?id=1214859
* https://bugzilla.suse.com/show_bug.cgi?id=1214860
* https://bugzilla.suse.com/show_bug.cgi?id=1214862
* https://bugzilla.suse.com/show_bug.cgi?id=1214863
* https://bugzilla.suse.com/show_bug.cgi?id=1214864
* https://bugzilla.suse.com/show_bug.cgi?id=1214866
* https://bugzilla.suse.com/show_bug.cgi?id=1214867
* https://bugzilla.suse.com/show_bug.cgi?id=1214868
* https://bugzilla.suse.com/show_bug.cgi?id=1214869
* https://bugzilla.suse.com/show_bug.cgi?id=1214870
* https://bugzilla.suse.com/show_bug.cgi?id=1214871
* https://bugzilla.suse.com/show_bug.cgi?id=1214872

From sle-security-updates at lists.suse.com Thu Nov 30 16:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Nov 2023 16:30:04 -0000
Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3
Message-ID: <170136180487.5512.10250347099027861593@smelt2.prg2.suse.org>

# Security update for sqlite3

Announcement ID: SUSE-SU-2023:4619-1
Rating: important

References:

* bsc#1210660

Cross-References:

* CVE-2023-2137

CVSS scores:

* CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

* CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4619=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.4 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * 
sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * openSUSE Leap 15.5 (noarch) * sqlite3-doc-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * 
sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP4 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * Basesystem Module 15-SP5 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * 
sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 
15-SP3 (aarch64 ppc64le s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise 
Storage 7.1 (aarch64 x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-32bit-3.44.0-150000.3.23.1 * sqlite3-debuginfo-3.44.0-150000.3.23.1 * sqlite3-devel-3.44.0-150000.3.23.1 * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1 * sqlite3-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * sqlite3-tcl-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debuginfo-3.44.0-150000.3.23.1 * libsqlite3-0-3.44.0-150000.3.23.1 * sqlite3-debugsource-3.44.0-150000.3.23.1 * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2137.html * https://bugzilla.suse.com/show_bug.cgi?id=1210660 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-security-updates at lists.suse.com Thu Nov 30 16:36:11 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Nov 2023 16:36:11 -0000
Subject: SUSE-SU-2023:4619-1: important: Security update for sqlite3
Message-ID: <170136217158.9735.16471057658639305889@smelt2.prg2.suse.org>

# Security update for sqlite3

Announcement ID: SUSE-SU-2023:4619-1
Rating: important

References:

* bsc#1210660

Cross-References:

* CVE-2023-2137

CVSS scores:

* CVE-2023-2137 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-2137 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

* CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4619=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4619=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4619=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4619=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4619=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4619=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4619=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4619=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4619=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4619=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4619=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4619=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4619=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4619=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4619=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4619=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4619=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4619=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4619=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4619=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4619=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4619=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* openSUSE Leap 15.4 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* openSUSE Leap 15.4 (noarch)
  * sqlite3-doc-3.44.0-150000.3.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* openSUSE Leap 15.5 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* openSUSE Leap 15.5 (noarch)
  * sqlite3-doc-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* Basesystem Module 15-SP4 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-tcl-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* Basesystem Module 15-SP5 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
* SUSE CaaS Platform 4.0 (x86_64)
  * libsqlite3-0-32bit-3.44.0-150000.3.23.1
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-devel-3.44.0-150000.3.23.1
  * libsqlite3-0-32bit-debuginfo-3.44.0-150000.3.23.1
  * sqlite3-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * sqlite3-tcl-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * sqlite3-debuginfo-3.44.0-150000.3.23.1
  * libsqlite3-0-3.44.0-150000.3.23.1
  * sqlite3-debugsource-3.44.0-150000.3.23.1
  * libsqlite3-0-debuginfo-3.44.0-150000.3.23.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2137.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210660

From sle-security-updates at lists.suse.com Thu Nov 30 20:30:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Nov 2023 20:30:04 -0000
Subject: SUSE-SU-2023:4623-1: moderate: Security update for traceroute
Message-ID: <170137620461.29966.6958179127504053579@smelt2.prg2.suse.org>

# Security update for traceroute

Announcement ID: SUSE-SU-2023:4623-1
Rating: moderate

References:

* bsc#1216591

Cross-References:

* CVE-2023-46316

CVSS scores:

* CVE-2023-46316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-46316 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for traceroute fixes the following issues:

* CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4623=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4623=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4623=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4623=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4623=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4623=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4623=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4623=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4623=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4623=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4623=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * traceroute-debuginfo-2.0.21-150000.3.3.1
  * traceroute-debugsource-2.0.21-150000.3.3.1
  * traceroute-2.0.21-150000.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46316.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216591

From sle-security-updates at lists.suse.com Thu Nov 30 20:30:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Nov 2023 20:30:09 -0000
Subject: SUSE-SU-2023:4622-1: important: Security update for libqt4
Message-ID: <170137620949.29966.14556668107483623020@smelt2.prg2.suse.org>

# Security update for libqt4

Announcement ID: SUSE-SU-2023:4622-1
Rating: important

References:

* bsc#1196654
* bsc#1211298
* bsc#1211798
* bsc#1211994
* bsc#1213326
* bsc#1214327

Cross-References:

* CVE-2021-45930
* CVE-2023-32573
* CVE-2023-32763
* CVE-2023-34410
* CVE-2023-37369
* CVE-2023-38197

CVSS scores:

* CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for libqt4 fixes the following issues:

* CVE-2021-45930: Fix out-of-bounds write when parsing path nodes (bsc#1196654).
* CVE-2023-32573: Fix missing initialization of QSvgFont unitsPerEm (bsc#1211298).
* CVE-2023-32763: Fix potential buffer when rendering a SVG file with an image inside (bsc#1211798).
* CVE-2023-34410: Fix missing sync of disablement of loading root certificates in qsslsocketprivate (bsc#1211994).
* CVE-2023-37369: Fix buffer overflow in QXmlStreamReader (bsc#1214327).
* CVE-2023-38197: Fix infinite loops in QXmlStreamReader (bsc#1213326).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4622=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4622=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4622=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4622=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4622=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libqt4-sql-plugins-debugsource-4.8.7-8.19.1
  * libqt4-sql-postgresql-4.8.7-8.19.1
  * libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-unixODBC-4.8.7-8.19.1
  * libqt4-sql-unixODBC-debuginfo-4.8.7-8.19.1
  * libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-sqlite-32bit-4.8.7-8.19.1
  * libqt4-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-mysql-32bit-4.8.7-8.19.1
  * libqt4-sql-postgresql-32bit-4.8.7-8.19.1
  * libqt4-debugsource-4.8.7-8.19.1
  * libqt4-sql-unixODBC-32bit-4.8.7-8.19.1
  * libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-postgresql-debuginfo-4.8.7-8.19.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libqt4-sql-plugins-debugsource-4.8.7-8.19.1
  * libqt4-sql-postgresql-4.8.7-8.19.1
  * libqt4-sql-unixODBC-4.8.7-8.19.1
  * libqt4-sql-unixODBC-debuginfo-4.8.7-8.19.1
  * libqt4-devel-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-4.8.7-8.19.1
  * libqt4-linguist-4.8.7-8.19.1
  * libqt4-devel-doc-debuginfo-4.8.7-8.19.1
  * libqt4-private-headers-devel-4.8.7-8.19.1
  * libqt4-debugsource-4.8.7-8.19.1
  * libqt4-linguist-debuginfo-4.8.7-8.19.1
  * libqt4-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debugsource-4.8.7-8.19.1
  * libqt4-sql-postgresql-debuginfo-4.8.7-8.19.1
  * libqt4-devel-4.8.7-8.19.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * libqt4-devel-doc-data-4.8.7-8.19.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64)
  * libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-unixODBC-32bit-4.8.7-8.19.1
  * libqt4-sql-postgresql-32bit-4.8.7-8.19.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libqt4-sql-plugins-debugsource-4.8.7-8.19.1
  * libqt4-4.8.7-8.19.1
  * libqt4-qt3support-debuginfo-4.8.7-8.19.1
  * libqt4-sql-mysql-debuginfo-4.8.7-8.19.1
  * libqt4-sql-debuginfo-4.8.7-8.19.1
  * libqt4-x11-4.8.7-8.19.1
  * libqt4-sql-mysql-4.8.7-8.19.1
  * qt4-x11-tools-debuginfo-4.8.7-8.19.1
  * libqt4-x11-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debuginfo-4.8.7-8.19.1
  * libqt4-sql-sqlite-debuginfo-4.8.7-8.19.1
  * libqt4-debugsource-4.8.7-8.19.1
  * libqt4-sql-4.8.7-8.19.1
  * libqt4-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debugsource-4.8.7-8.19.1
  * libqt4-qt3support-4.8.7-8.19.1
  * libqt4-sql-sqlite-4.8.7-8.19.1
  * qt4-x11-tools-4.8.7-8.19.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libqt4-32bit-4.8.7-8.19.1
  * libqt4-qt3support-32bit-4.8.7-8.19.1
  * libqt4-sql-32bit-4.8.7-8.19.1
  * libqt4-x11-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-qt3support-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-x11-32bit-4.8.7-8.19.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libqt4-sql-plugins-debugsource-4.8.7-8.19.1
  * libqt4-4.8.7-8.19.1
  * libqt4-qt3support-debuginfo-4.8.7-8.19.1
  * libqt4-sql-mysql-debuginfo-4.8.7-8.19.1
  * libqt4-sql-debuginfo-4.8.7-8.19.1
  * libqt4-x11-4.8.7-8.19.1
  * libqt4-sql-mysql-4.8.7-8.19.1
  * qt4-x11-tools-debuginfo-4.8.7-8.19.1
  * libqt4-x11-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debuginfo-4.8.7-8.19.1
  * libqt4-sql-sqlite-debuginfo-4.8.7-8.19.1
  * libqt4-debugsource-4.8.7-8.19.1
  * libqt4-sql-4.8.7-8.19.1
  * libqt4-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debugsource-4.8.7-8.19.1
  * libqt4-qt3support-4.8.7-8.19.1
  * libqt4-sql-sqlite-4.8.7-8.19.1
  * qt4-x11-tools-4.8.7-8.19.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libqt4-32bit-4.8.7-8.19.1
  * libqt4-qt3support-32bit-4.8.7-8.19.1
  * libqt4-sql-32bit-4.8.7-8.19.1
  * libqt4-x11-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-qt3support-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-x11-32bit-4.8.7-8.19.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libqt4-sql-plugins-debugsource-4.8.7-8.19.1
  * libqt4-4.8.7-8.19.1
  * libqt4-qt3support-debuginfo-4.8.7-8.19.1
  * libqt4-sql-mysql-debuginfo-4.8.7-8.19.1
  * libqt4-sql-debuginfo-4.8.7-8.19.1
  * libqt4-x11-4.8.7-8.19.1
  * libqt4-sql-mysql-4.8.7-8.19.1
  * qt4-x11-tools-debuginfo-4.8.7-8.19.1
  * libqt4-x11-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debuginfo-4.8.7-8.19.1
  * libqt4-sql-sqlite-debuginfo-4.8.7-8.19.1
  * libqt4-debugsource-4.8.7-8.19.1
  * libqt4-sql-4.8.7-8.19.1
  * libqt4-debuginfo-4.8.7-8.19.1
  * libqt4-devel-doc-debugsource-4.8.7-8.19.1
  * libqt4-qt3support-4.8.7-8.19.1
  * libqt4-sql-sqlite-4.8.7-8.19.1
  * qt4-x11-tools-4.8.7-8.19.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libqt4-32bit-4.8.7-8.19.1
  * libqt4-qt3support-32bit-4.8.7-8.19.1
  * libqt4-sql-32bit-4.8.7-8.19.1
  * libqt4-x11-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-sql-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-qt3support-debuginfo-32bit-4.8.7-8.19.1
  * libqt4-x11-32bit-4.8.7-8.19.1

## References:

* https://www.suse.com/security/cve/CVE-2021-45930.html
* https://www.suse.com/security/cve/CVE-2023-32573.html
* https://www.suse.com/security/cve/CVE-2023-32763.html
* https://www.suse.com/security/cve/CVE-2023-34410.html
* https://www.suse.com/security/cve/CVE-2023-37369.html
* https://www.suse.com/security/cve/CVE-2023-38197.html
* https://bugzilla.suse.com/show_bug.cgi?id=1196654
* https://bugzilla.suse.com/show_bug.cgi?id=1211298
* https://bugzilla.suse.com/show_bug.cgi?id=1211798
* https://bugzilla.suse.com/show_bug.cgi?id=1211994
* https://bugzilla.suse.com/show_bug.cgi?id=1213326
* https://bugzilla.suse.com/show_bug.cgi?id=1214327