From sle-updates at lists.suse.com Sat Feb 1 01:34:56 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:34:56 +0100 (CET)
Subject: SUSE-CU-2019:740-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083456.E668BF798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:740-1
Container Tags        : ses/6/cephcsi/cephcsi:1.1.0.0 , ses/6/cephcsi/cephcsi:1.1.0.0.1.5.2 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.2
Severity              : important
Type                  : security
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1223-1
Released:    Tue Jun 26 11:41:00 2018
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1096745,CVE-2018-12020
Description:

This update for gpg2 fixes the following security issue:

- CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1264-1
Released:    Tue Jul 3 10:56:12 2018
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1086367
Description:

This update for curl provides the following fix:

- Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. (bsc#1086367)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1327-1
Released:    Tue Jul 17 08:07:24 2018
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1096718,CVE-2018-12015
Description:

This update for perl fixes the following issues:

- CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
Description:

This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1334-1
Released:    Tue Jul 17 09:06:41 2018
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1096515
Description:

This update for mozilla-nss provides the following fixes:

- Update to NSS 3.36.4 required by Firefox 60.0.2.
  (bsc#1096515)
- Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error.
- Fix a rare bug with PKCS#12 files.
- Use relro linker option.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1346-1
Released:    Thu Jul 19 09:25:08 2018
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237
Description:

This update for glibc fixes the following security issues:

- CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150).
- CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161).
- CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1353-1
Released:    Thu Jul 19 09:50:32 2018
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572
Description:

This update for e2fsprogs fixes the following issues:

Security issues fixed:

- CVE-2015-0247: Fixed a couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
- CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).

Bug fixes:

- bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
- bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
- bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1362-1
Released:    Thu Jul 19 12:47:33 2018
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1100415
Description:

ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)

The following CAs were removed:

* S-TRUST_Universal_Root_CA
* TC_TrustCenter_Class_3_CA_II
* TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1396-1
Released:    Thu Jul 26 16:23:09 2018
Summary:     Security update for rpm
Type:        security
Severity:    moderate
References:  1094735,1095148,943457,CVE-2017-7500
Description:

This update for rpm fixes the following issues:

This security vulnerability was fixed:

- CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1409-1
Released:    Fri Jul 27 06:45:10 2018
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569
Description:

This update for systemd provides the following fixes:

- systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973)
- systemctl: Check the existence of all units, not just the first one.
- scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099)
- device: Make sure to always retroactively start device dependencies. (bsc#1088052)
- locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files.
- Fix pattern to detect distribution.
- install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851)
- install: Search for preset files in /run (#7715)
- install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851)
- install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement.
- install: Only consider names in Alias= as 'enabling'.
- udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158)
- man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265)
- fileio: Support writing atomic files with timestamp.
- fileio.c: Fix incorrect mtime
- Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569)
- An update broke booting with encrypted partitions on NVMe (bsc#1095096)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1685-1
Released:    Fri Aug 17 18:20:58 2018
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1099793,CVE-2018-0500
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2018-0500: Fix an SMTP send heap buffer overflow (bsc#1099793).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1754-1
Released:    Fri Aug 24 16:40:21 2018
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1104780
Description:

This update for ca-certificates-mozilla fixes the following issues:

Updated to the 2.26 state of the Mozilla NSS Certificate store.
(bsc#1104780)

- removed server auth rights from following CAs:
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
- removed CA
  - ComSign CA
- new CA added:
  - GlobalSign

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1760-1
Released:    Fri Aug 24 17:14:53 2018
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1072183
Description:

This update for libtirpc fixes the following issues:

- rpcinfo: send RPC getport call as specified via parameter (bsc#1072183)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1775-1
Released:    Tue Aug 28 12:40:50 2018
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    important
References:  1089777,1105396
Description:

This update for xfsprogs fixes the following issues:

- avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777)
- repair: shift inode back into place if corrupted by bad log replay (bsc#1105396).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1887-1
Released:    Wed Sep 12 12:34:28 2018
Summary:     Recommended update for python-websocket-client
Type:        recommended
Severity:    moderate
References:  1076519
Description:

This update for python-websocket-client fixes the following issues:

- Use the system's CA bundle file by default.
  (bsc#1076519)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1904-1
Released:    Fri Sep 14 12:46:39 2018
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1086367,1106019,CVE-2018-14618
Description:

This update for curl fixes the following issues:

This security issue was fixed:

- CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)

This non-security issue was fixed:

- Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1999-1
Released:    Tue Sep 25 08:20:35 2018
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1071321
Description:

This update for zlib provides the following fixes:

- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2055-1
Released:    Thu Sep 27 14:30:14 2018
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1089640
Description:

This update for openldap2 provides the following fix:

- Fix slapd segfaults in mdb_env_reader_dest.
  (bsc#1089640)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2070-1
Released:    Fri Sep 28 08:02:02 2018
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Description:

This update for gnutls fixes the following security issues:

- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2083-1
Released:    Sun Sep 30 14:06:33 2018
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1097158,1101470,CVE-2018-0732
Description:

This update for openssl-1_1 to 1.1.0i fixes the following issues:

These security issues were fixed:

- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Make problematic ECDSA sign addition length-invariant
- Add blinding to ECDSA and DSA signatures to protect against side channel attacks

These non-security issues were fixed:

- When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases.
- Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed.
- Fixed a text canonicalisation bug in CMS
- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2138-1
Released:    Thu Oct 4 15:52:15 2018
Summary:     Recommended update for sudo
Type:        recommended
Severity:    low
References:  1097643
Description:

This update for sudo fixes the following issues:

- fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2155-1
Released:    Fri Oct 5 14:41:17 2018
Summary:     Recommended update for ca-certificates
Type:        recommended
Severity:    moderate
References:  1101470
Description:

This update for ca-certificates fixes the following issues:

- Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2170-1
Released:    Mon Oct 8 10:31:14 2018
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1107030
Description:

This update for python3 fixes the following issues:

- Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2177-1
Released:    Tue Oct 9 09:00:13 2018
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1095661,1095670,1100488
Description:

This update for bash provides the following fixes:

- Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661)
- Make the generation of bash.html reproducible.
  (bsc#1100488)
- Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670)
- Fix a problem that could cause the hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes.
- Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler.
- Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence.
- Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2182-1
Released:    Tue Oct 9 11:08:36 2018
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251
Description:

This update for libxml2 fixes the following security issues:

- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2340-1
Released:    Fri Oct 19 16:05:53 2018
Summary:     Security update for fuse
Type:        security
Severity:    moderate
References:  1101797,CVE-2018-10906
Description:

This update for fuse
fixes the following issues:

- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2346-1
Released:    Mon Oct 22 09:40:46 2018
Summary:     Recommended update for logrotate
Type:        recommended
Severity:    moderate
References:  1093617
Description:

This update for logrotate provides the following fix:

- Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2370-1
Released:    Mon Oct 22 14:02:01 2018
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1102310,1104531
Description:

This update for aaa_base provides the following fixes:

- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2430-1
Released:    Wed Oct 24 13:05:18 2018
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1101820,CVE-2018-10903
Description:

This update for python-cryptography fixes the following issues:

- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length.
  If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2454-1
Released:    Thu Oct 25 11:19:46 2018
Summary:     Recommended update for python-pyOpenSSL
Type:        recommended
Severity:    moderate
References:  1110435
Description:

This update for python-pyOpenSSL fixes the following issues:

- Handle duplicate certificate addition using X509_STORE_add_cert so it works after upgrading to openssl 1.1.1. (bsc#1110435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310
Description:

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2485-1
Released:    Fri Oct 26 12:38:01 2018
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1112928
Description:

This update for kmod provides the following fixes:

- Allow 'modprobe -c' to print the status of 'allow_unsupported_modules' option.
  (bsc#1112928)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2486-1
Released:    Fri Oct 26 12:38:27 2018
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1105068
Description:

This update for xfsprogs fixes the following issues:

- Explicitly disable systemd unit files for scrub (bsc#1105068).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2487-1
Released:    Fri Oct 26 12:39:07 2018
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1102526
Description:

This update for glibc fixes the following issues:

- Fix build on aarch64 with binutils newer than 2.30.
- Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2539-1
Released:    Tue Oct 30 16:17:23 2018
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1113100
Description:

This update for rpm fixes the following issues:

- On PowerPC64 fix the superfluous TOC.
  dependency (bsc#1113100)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
Description:

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released:    Fri Nov 2 19:00:18 2018
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1110700
Description:

This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2578-1
Released:    Mon Nov 5 17:55:35 2018
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842
Description:

This update for curl fixes the following issues:

- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2595-1
Released:    Wed Nov 7 11:14:42 2018
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer
  overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665)

Non security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if 'missing ok' (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer (#7329)
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing 'continue' statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the emergency shell
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- install: drop left-over debug message (#6913)
- Ship systemd-sysv-install helper via the main package
  This script was part
  of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SysV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)
- man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
- systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)
- core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)
- Enable or disable machines.target according to the presets (bsc#1107941)
- cryptsetup: add support for sector-size= option (fate#325697)
- nspawn: always use permission mode 555 for /sys (bsc#1107640)
- Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)
- Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)
- Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)
- No longer adjusts qgroups on existing subvolumes (bsc#1093753)
- cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released:    Wed Nov 7 15:42:48 2018
Summary:     Optional update for gcc8
Type:        recommended
Severity:    low
References:  1084812,1084842,1087550,1094222,1102564
Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.

The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.

Various optimizers have been improved in GCC 8, several bugs fixed, quite a few new warnings added and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:

https://gcc.gnu.org/gcc-8/changes.html

Also changes needed or common pitfalls when porting software are described on:

https://gcc.gnu.org/gcc-8/porting_to.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2641-1
Released: Mon Nov 12 20:39:30 2018
Summary: Recommended update for nfsidmap
Type: recommended
Severity: moderate
References: 1098217
Description:

This update for nfsidmap fixes the following issues:

- Improve support for SAMBA with Active Directory. (bsc#1098217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2644-1
Released: Mon Nov 12 20:40:15 2018
Summary: Recommended update for glib2-branding
Type: recommended
Severity: low
References: 1097595
Description:

This update for glib2-branding provides the following fix:

- Recommend sound-theme-freedesktop on SLE. (bsc#1097595)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2742-1
Released: Thu Nov 22 13:28:36 2018
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 969953
Description:

This update for rpcbind fixes the following issues:

- Fix tool stack buffer overflow aborting (bsc#969953)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2744-1
Released: Thu Nov 22 14:30:38 2018
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:

This update for apparmor fixes the following issues:

- allow dnsmasq to open logfiles (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2780-1
Released: Mon Nov 26 17:46:10 2018
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429
Description:

This update for glib2 fixes the following
issues:

Security issues fixed:

- CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116).

Non-security issue fixed:

- various GVariant parsing issues have been resolved (bsc#1111499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
Description:

This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Type: security
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:

This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove screen.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2873-1
Released: Fri Dec 7 13:27:36 2018
Summary: Recommended update for python-cffi
Type: recommended
Severity: moderate
References: 1111657
Description:

This update for python-cffi fixes the following issues:

- Fix the testsuite of python-cffi like upstream to solve corruption at build (bsc#1111657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2961-1
Released: Mon Dec 17 19:51:40 2018
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1098697,1112780
Description:

This update for psmisc provides the following fix:

- Make the fuser option -m work even with mountinfo. (bsc#1098697)
- Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2984-1
Released: Wed Dec 19 11:32:39 2018
Summary: Security update for perl
Type: security
Severity: moderate
References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314
Description:

This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
- CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675).
- CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681).
- CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2986-1
Released: Wed Dec 19 13:53:22 2018
Summary: Security update for libnettle
Type: security
Severity: moderate
References: 1118086,CVE-2018-16869
Description:

This update for libnettle fixes the following issues:

Security issues fixed:

- CVE-2018-16869: Fixed a leaky data conversion exposing a Manger oracle (bsc#1118086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:3044-1
Released: Fri Dec 21 18:47:21 2018
Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Type: security
Severity: important
References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498
Description:

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random.
(bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

- Update mozilla-nspr to 4.20 (bsc#1119105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:6-1
Released: Wed Jan 2 20:25:25 2019
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1099119,1099192
Description:

GCC 7 was updated to the GCC 7.4 release.

- Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
- Includes fix for build with ISL 0.20.
- Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
- Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
- Fixes support for 32bit ASAN with glibc 2.27+

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:23-1
Released: Mon Jan 7 16:30:33 2019
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1120346,CVE-2018-1000858
Description:

This update for gpg2 fixes the following issue:

Security issue fixed:

- CVE-2018-1000858: Fixed a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
Description:

This update for acl fixes the following issues:

- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes.
(bsc#953659)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:56-1
Released: Thu Jan 10 15:04:46 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:

This update for apparmor fixes the following issues:

- Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:62-1
Released: Thu Jan 10 20:30:58 2019
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1119063
Description:

This update for xfsprogs fixes the following issues:

- Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:91-1
Released: Tue Jan 15 14:14:43 2019
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1090767,1121045,1121207
Description:

This update for mozilla-nss fixes the following issues:

- The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207)
- Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
Description:

This update for timezone fixes the following issues:

- Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:137-1
Released: Mon Jan 21 15:52:45 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954
Description:

This update for systemd provides the following fixes:

Security issues fixed:

- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

Non-security issues fixed:

- pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
- systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
- systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
- Fixed installation issue with /etc/machine-id during update (bsc#1117063)
- btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- udev: Downgrade message when setting inotify watch up fails. (bsc#1005023)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment.
The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:147-1
Released: Wed Jan 23 17:57:31 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1121446
Description:

This update for ca-certificates-mozilla fixes the following issues:

The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446)

Removed Root CAs:

- AC Raiz Certicamara S.A.
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- Visa eCommerce Root

Added Root CAs:

- Certigna Root CA (email and server auth)
- GTS Root R1 (server auth)
- GTS Root R2 (server auth)
- GTS Root R3 (server auth)
- GTS Root R4 (server auth)
- OISTE WISeKey Global Root GC CA (email and server auth)
- UCA Extended Validation Root (server auth)
- UCA Global G2 Root (email and server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:151-1
Released: Wed Jan 23 17:58:59 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472
Description:

This update for apparmor fixes the following issues:

- Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354)
- allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499)
- dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

Update to AppArmor 2.12.2:

- add profile
names to most profiles
- update dnsmasq profile (pid file and logfile path) (bsc#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog

Update to AppArmor 2.12.1:

- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- add support for conditional includes ('include if exists')
- ignore 'abi' rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from the main profile
- several bugfixes (including bsc#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:170-1
Released: Fri Jan 25 13:43:29 2019
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1118629
Description:

This update for kmod fixes the following issues:

- Fixes module dependency file corruption on parallel invocation (bsc#1118629).
- Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:189-1
Released: Mon Jan 28 14:14:46 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
Description:

This update for rpm fixes the following issues:

- Add kmod(module) provides to kernel and KMPs (fate#326579).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:215-1
Released: Thu Jan 31 15:59:57 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010
Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
- CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT (bsc#1120644)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:247-1
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1123043,CVE-2019-6706
Description:

This update for lua53 fixes the following issues:

Security issue fixed:

- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:248-1
Released: Wed Feb 6 08:35:20 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823
Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
- CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
- CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:251-1
Released: Wed Feb 6 11:22:43 2019
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1090047
Description:

This update for glib2 provides the following fix:

- Enable systemtap.
(fate#326393, bsc#1090047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:273-1
Released: Wed Feb 6 16:48:18 2019
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

Security issues fixed:

- CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983).
- CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983).
- CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983).
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069).

Non-security issue fixed:

- Update to MozillaFirefox ESR 60.5.0
- Update to mozilla-nss 3.41.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:369-1
Released: Wed Feb 13 14:01:42 2019
Summary: Recommended update for itstool
Type: recommended
Severity: moderate
References: 1065270,1111019
Description:

This update for itstool and python-libxml2-python fixes the following issues:

Package: itstool

- Updated version to support Python3. (bnc#1111019)

Package: python-libxml2-python

- Fix segfault when parsing invalid data. (bsc#1065270)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:418-1
Released: Sat Feb 16 11:33:57 2019
Summary: Security update for python-numpy
Type: security
Severity: important
References: 1122208,CVE-2019-6446
Description:

This update for python-numpy fixes the following issue:

Security issue fixed:

- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208).

With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load().

A warning during runtime will show up when the allow_pickle is not explicitly set.
NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:426-1
Released: Mon Feb 18 17:46:55 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454
Description:

This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update
systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceed
- automount: don't pass non-blocking pipe to kernel.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:532-1
Released: Fri Mar 1 13:47:29 2019
Summary: Recommended update for console-setup, kbd
Type: recommended
Severity: moderate
References: 1122361
Description:

This update for console-setup and kbd provides the following fix:

- Fix Shift-Tab mapping. (bsc#1122361)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:

This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:577-1
Released: Mon Mar 11 12:03:49 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1123820,1127073
Description:

This update for apparmor fixes the following issues:

- apparmor prevents libvirtd from starting (bsc#1127073)
- Start apparmor after filesystem remount (bsc#1123820)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:641-1
Released: Tue Mar 19 13:17:28 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1112570,1114984,1114993
Description:

This update for glibc provides the following fixes:

- Fix Haswell CPU string flags. (bsc#1114984)
- Fix waiters-after-spinning case. (bsc#1114993)
- Do not relocate absolute symbols. (bsc#1112570)
- Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551)
- Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962)
- Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:664-1
Released: Wed Mar 20 14:54:12 2019
Summary: Recommended update for gpgme
Type: recommended
Severity: low
References: 1121051
Description:

This update for gpgme provides the following fix:

- Re-generate keys in Qt tests to not expire. (bsc#1121051)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:700-1
Released: Thu Mar 21 19:54:00 2019
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1044840
Description:

This update for cyrus-sasl provides the following fix:

- Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'.
By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:713-1
Released: Fri Mar 22 15:55:05 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1063675,1126590
Description:

This update for glibc fixes the following issues:

- Add MAP_SYNC from Linux 4.15 (bsc#1126590)
- Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590)
- nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:732-1
Released: Mon Mar 25 14:10:04 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1088524,1118364,1128246
Description:

This update for aaa_base fixes the following issues:

- Restore old position of ssh/sudo source of profile (bsc#1118364).
- Update logic for JRE_HOME env variable (bsc#1128246)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346
Description:

This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed:

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
Description:

This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:791-1
Released: Thu Mar 28 12:06:50 2019
Summary: Security update for libnettle
Type: recommended
Severity: moderate
References: 1129598
Description:

This update for libnettle to version 3.4.1 fixes the following issues:

Issues addressed and new features:

- Updated to 3.4.1 (fate#327114 and bsc#1129598)
- Fixed missing break statements in the parsing of PEM input files in pkcs1-conv.
- Fixed a link error on the pss-mgf1-test which was affecting builds without public key support.
- All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption.
- Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack, which is why the new function rsa_sec_decrypt is recommended.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:858-1
Released: Wed Apr 3 15:50:37 2019
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1120689,1126096
Description:

This update for libtirpc fixes the following issues:

- Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096).
- add an option to enforce connection via protocol version 2 first (bsc#1120689).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:866-1
Released: Thu Apr 4 11:24:48 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1120279,1125439
Description:

This update for apparmor fixes the following issues:

- Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439)
- allow network access and notify file creation/access (bsc#1120279)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:894-1
Released: Fri Apr 5 17:16:23 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1119414,1126327,1129753,SLE-3853,SLE-4117
Description:

This update for rpm fixes the following issues:

- This update shortens RPM changelog to after a certain cut off date (bsc#1129753)
- Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414).
- Re-add symset-table from SLE 12 (bsc#1126327).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:903-1
Released: Mon Apr 8 15:41:44 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1100396,1122729,1130045,CVE-2016-10739
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).

Other issue fixed:

- Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintaining the robust mutex list due to missing compiler barriers (bsc#1130045).
- Added new Japanese Era name support (bsc#1100396).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:966-1
Released: Wed Apr 17 12:20:13 2019
Summary: Recommended update for python-rpm-macros
Type: recommended
Severity: moderate
References: 1128323
Description:

This update for python-rpm-macros fixes the following issues:

The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323)

* Add missing $ expansion on the pytest call
* Rewrite pytest and pytest_arch into Lua macros with multiple arguments.
* We should preserve existing PYTHONPATH.
* Add --ignore to pytest calls to ignore build directories.
* Actually make pytest into function to capture arguments as well
* Add pytest definitions.
* Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
* Fix an issue with epoch printing having too many \
* add epoch while printing 'Provides:'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:971-1
Released: Wed Apr 17 14:43:26 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1129346,CVE-2019-9636
Description:
This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1002-1
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1110304,1129576
Description:
This update for zlib fixes the following issues:

- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
Description:
This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1105-1
Released: Tue Apr 30 12:10:58 2019
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738
Description:
This update for gcc7 fixes the following issues:

Update to gcc-7-branch head (r270528).

- Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
- Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
- Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
- Fix for s390x FP load-and-test issue. (bsc#1124644)
- Improve build reproducibility by disabling address-space randomization during build.
- Adjust gnat manual entries in the info directory. (bsc#1114592)
- Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1121-1
Released: Tue Apr 30 18:02:43 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836
Description:
This update for gnutls to version 3.6.7 fixes the following issues:

Security issues fixed:

- CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681).
- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087)

Non-security issue fixed:

- Update gnutls to support TLS 1.3 (fate#327114)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937
Description:
This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1206-1
Released: Fri May 10 14:01:55 2019
Summary: Security update for bzip2
Type: security
Severity: low
References: 985657,CVE-2016-3189
Description:
This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released: Wed May 22 12:19:12 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1096191
Description:
This update for aaa_base fixes the following issue:

* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1351-1
Released: Fri May 24 14:41:10 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1134856,CVE-2018-16868
Description:
This update for gnutls fixes the following issues:

Security issue fixed:

- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087).

Non-security issue fixed:

- Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1352-1
Released: Fri May 24 14:41:44 2019
Summary: Security update for python3
Type: security
Severity: moderate
References: 1130840,1133452,CVE-2019-9947
Description:
This update for python3 to version 3.6.8 fixes the following issues:

Security issue fixed:

- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

Non-security issue fixed:

- Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1357-1
Released: Mon May 27 13:29:15 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1135170,CVE-2019-5436
Description:
This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1364-1
Released: Tue May 28 10:51:38 2019
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933
Description:
This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issues fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type: security
Severity: important
References: 1134524,CVE-2019-5021
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654
Description:
This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1484-1
Released: Thu Jun 13 07:46:46 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1128383
Description:
This update for e2fsprogs fixes the following issues:

- Check and fix tails of all bitmap blocks (bsc#1128383)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1486-1
Released: Thu Jun 13 09:40:24 2019
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
Description:
This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed a denial of service vulnerability in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1487-1
Released: Thu Jun 13 09:40:56 2019
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1111622,CVE-2018-18074
Description:
This update for python-requests to version 2.20.1 fixes the following issues:

Security issue fixed:

- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1590-1
Released: Thu Jun 20 19:49:57 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1128598
Description:
This update for permissions fixes the following issues:

- Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1594-1
Released: Fri Jun 21 10:17:15 2019
Summary: Security update for glib2
Type: security
Severity: important
References: 1103678,1137001,CVE-2019-12450
Description:
This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001).

Other issue addressed:

- glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1595-1
Released: Fri Jun 21 10:17:44 2019
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1137832,CVE-2019-12749
Description:
This update for dbus-1 fixes the following issues:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1616-1
Released: Fri Jun 21 11:04:39 2019
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 1134659
Description:
This update for rpcbind fixes the following issues:

- Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659)
- Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1627-1
Released: Fri Jun 21 11:15:11 2019
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1073421,1122271,1129859
Description:
This update for xfsprogs fixes the following issues:

- xfs_repair: will now allow '/' in attribute names (bsc#1122271)
- xfs_repair: will now allow zeroing of corrupt log (bsc#1073421)
- enabled offline (unmounted) filesystem geometry queries (bsc#1129859)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1631-1
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Type: recommended
Severity: low
References: 1135709
Description:
This update for xz fixes the following issues:

Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1635-1
Released: Fri Jun 21 12:45:53 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1134217
Description:
This update for krb5 provides the following fix:

- Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1700-1
Released: Tue Jun 25 13:19:21 2019
Summary: Security update for libssh
Type: recommended
Severity: moderate
References: 1134193
Description:
This update for libssh fixes the following issue:

Issue addressed:

- Added support for new AES-GCM encryption types (bsc#1134193).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1737-1
Released: Wed Jul 3 21:12:04 2019
Summary: Recommended update for rdma-core
Type: recommended
Severity: moderate
References: 996146
Description:
This update for rdma-core fixes the following issues:

- Fix man page of mlx5dv_create_flow_action_modify_header. (bsc#996146)
- Fix libhns flush cqe in case multi-process. (bsc#996146)
- Fix ibacm: acme does not work if server_mode is not unix. (bsc#996146)
- Fix verbs: The ibv_xsrq_pingpong '-c' option is broken. (bsc#996146)
- Fix mlx5: Fix masking service level in mlx5_create_ah. (bsc#996146)
- Fix cmake: Explicitly convert build type to be STRING. (bsc#996146)
- Fix libhns: Bugfix for filtering zero length sge. (bsc#996146)
- Fix buildlib: Ensure stanza is properly sorted. (bsc#996146)
- Fix debian: Create empty pyverbs package for builds without pyverbs. (bsc#996146)
- Fix verbs: Fix attribute returning. (bsc#996146)
- Fix build: Fix pyverbs build issues on Debian. (bsc#996146)
- Fix travis: Change SuSE package target due to Travis CI failures. (bsc#996146)
- Fix verbs: Avoid inline send when using device memory in rc_pingpong. (bsc#996146)
- Fix mlx5: Use copy loop to read from device memory. (bsc#996146)
- Fix verbs: clear cmd buffer when creating indirection table. (bsc#996146)
- Fix libhns: Bugfix for using buffer length. (bsc#996146)
- Fix incorrect error handling when SQ wqe count is 0. (bsc#996146)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1808-1
Released: Wed Jul 10 13:16:29 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1133808
Description:
This update for libgcrypt fixes the following issues:

- Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed.
  bsc#1133808

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
Description:
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1833-1
Released: Fri Jul 12 17:53:51 2019
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1139959,CVE-2019-13012
Description:
This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1835-1
Released: Fri Jul 12 18:06:31 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1139937,CVE-2018-20843
Description:
This update for expat fixes the following issues:

Security issue fixed:

- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released: Mon Jul 15 11:36:33 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:
This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1853-1
Released: Mon Jul 15 16:03:36 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1107617,1137053
Description:
This update for systemd fixes the following issues:

- conf-parse: remove 4K line length limit (bsc#1137053)
- udevd: change the default value of udev.children-max (again) (bsc#1107617)
- meson: stop creating enablement symlinks in /etc during installation (sequel)
- Fixed build for openSUSE Leap 15+
- Make sure we don't ship any static enablement symlinks in /etc
  Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1869-1
Released: Wed Jul 17 14:03:20 2019
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811
Description:
This update for MozillaFirefox, mozilla-nss fixes the following issues:

MozillaFirefox to version ESR 60.8:

- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).

mozilla-nss to version 3.44.1:

* Added IPSEC IKE support to softoken
* Many new FIPS test cases

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1877-1
Released: Thu Jul 18 11:31:46 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169
Description:
This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed:

- No longer compresses debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released: Thu Jul 25 14:58:52 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1138939,CVE-2019-12904
Description:
This update for libgcrypt fixes the following issues:

Security issue fixed:

- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1984-1
Released: Fri Jul 26 00:15:46 2019
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1036463,1127155,1134819,937216
Description:
This update for suse-module-tools fixes the following issues:

- Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819)
- Install sg.conf under /usr/lib/modules-load.d and avoid file conflict with systemd. (bsc#1036463)
- weak-modules2: Emit 'inconsistent' warning only if replacement fails. (bsc#1127155)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1994-1
Released: Fri Jul 26 16:12:05 2019
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1135123
Description:
This update for libxml2 fixes the following issues:

- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2004-1
Released: Mon Jul 29 13:01:59 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:
This update for bzip2 fixes the following issues:

- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2006-1
Released: Mon Jul 29 13:02:49 2019
Summary: Security update for gpg2
Type: security
Severity: important
References: 1124847,1141093,CVE-2019-13050
Description:
This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed denial of service attacks via big keys (bsc#1141093).

Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2050-1
Released: Tue Aug 6 09:42:37 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160
Description:
This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).
- CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853).

Non-security issue fixed:

- Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2085-1
Released: Wed Aug 7 13:58:43 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1135751
Description:
This update for apparmor fixes the following issues:

- Profile updates for dnsmasq, dovecot, identd, syslog-ng
- Parser: fix 'Px -> foo-bar' (the '-' was rejected before)
- Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys.
- Fix build with swig 4.0. (bsc#1135751)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2097-1
Released: Fri Aug 9 09:31:17 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: important
References: 1097073
Description:
This update for libgcrypt fixes the following issues:

- Fixed a regression where systems were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2134-1
Released: Wed Aug 14 11:54:56 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1136717,1137624,1141059,SLE-5807
Description:
This update for zlib fixes the following issues:

- Update the s390 patchset. (bsc#1137624)
- Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
- Use FAT LTO objects in order to provide proper static library.
- Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
- Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2142-1
Released: Wed Aug 14 18:14:04 2019
Summary: Recommended update for mozilla-nspr, mozilla-nss
Type: recommended
Severity: moderate
References: 1141322
Description:
This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.45 (bsc#1141322) :

* New function in pk11pub.h: PK11_FindRawCertsWithSubject
* The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
* Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403)
  This adds a new experimental function SSL_DelegateCredential
  Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360).
  Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
* Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
* Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
* Add IPSEC IKE support to softoken (bmo#1546229)
* Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
* Expose an external clock for SSL (bmo#1543874)
  This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
* Various changes in response to the ongoing FIPS review (bmo#1546477)
  Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

mozilla-nspr was updated to version 4.21

* Changed prbit.h to use builtin function on aarch64.
* Removed Gonk/B2G references.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2188-1
Released: Wed Aug 21 10:10:29 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1140647
Description:
This update for aaa_base fixes the following issues:

- Make systemd detection cgroup oblivious. (bsc#1140647)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2190-1
Released: Wed Aug 21 17:00:34 2019
Summary: SUSE Enterprise Storage 6 Technical Container Preview
Type: optional
Severity: low
References: 1145433
Description:
This is a technical preview for SUSE Enterprise Storage 6.

From sle-updates at lists.suse.com Sat Feb 1 01:35:05 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:05 +0100 (CET)
Subject: SUSE-CU-2019:741-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083505.CD510F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:741-1
Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.28 , ses/6/cephcsi/cephcsi:latest
Container Release : 1.5.28
Severity : important
Type : security
References : 1073313 1081947 1081947 1082293 1082318 1085196 1088358 1106214 1111388 1112438 1114845 1121197 1122417 1122666 1125689 1125886 1127701 1129071 1132663 1132900 1133773 1134616 1135534 1135708 1135984 1136245 1137296 1141113 1141883 1143055 1143194 1143273 1144047 1144169 1145383 1146182 1146184 1146866 1148494 1149203 1149429 1149495 1149496 1150003 1150250 1150895 1151479 1152326 353876 CVE-2017-17740 CVE-2019-11236 CVE-2019-11324 CVE-2019-13057 CVE-2019-13565 CVE-2019-14806 CVE-2019-1547 CVE-2019-1563 CVE-2019-15903 CVE-2019-5481 CVE-2019-5482 CVE-2019-6446 CVE-2019-9511 CVE-2019-9513 CVE-2019-9740 SLE-6094 SLE-8532 SLE-9132
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883
Description:
This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes.
  (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2241-1
Released: Wed Aug 28 14:58:49 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1144169
Description:
This update for ca-certificates-mozilla fixes the following issues:

ca-certificates-mozilla was updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)

Removed CAs:

- Certinomis - Root CA

Includes new root CAs from the 2.32 version:

- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2306-1
Released: Thu Sep 5 14:39:23 2019
Summary: Recommended update for parted
Type: recommended
Severity: moderate
References: 1082318,1136245
Description:
This update for parted fixes the following issues:

- Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245)
- Installs the license file in the correct directory (bsc#1082318)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2307-1
Released: Thu Sep 5 14:45:08 2019
Summary: Security update for util-linux and shadow
Type: security
Severity: moderate
References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876
Description:
This update for util-linux and shadow fixes the following issues:

util-linux:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- De-duplicate fstrim -A properly (bsc#1127701).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
- Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).

shadow:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
- Hardening for su wrappers (bsc#353876)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2332-1
Released: Mon Sep 9 10:17:16 2019
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740
Description:
This update for python-urllib3 fixes the following issues:

Security issues fixed:

- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released: Thu Sep 12 07:54:54 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1081947,1144047
Description:
This update for krb5 contains the following fixes:

- Integrate pam_keyinit PAM module, ksu-pam.d.
  (bsc#1081947)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2365-1
Released: Thu Sep 12 11:23:31 2019
Summary: Security update for python-Werkzeug
Type: security
Severity: moderate
References: 1145383,CVE-2019-14806
Description:
This update for python-Werkzeug fixes the following issues:

Security issue fixed:

- CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2367-1
Released: Thu Sep 12 12:59:37 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1122666,1135984,1137296
Description:
This update for lvm2 fixes the following issues:

- Fix unknown feature in status message (bsc#1135984)
- Fix using device aliases with lvmetad (bsc#1137296)
- Fix devices drop open error message (bsc#1122666)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2373-1
Released: Thu Sep 12 14:18:53 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482
Description:
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2395-1
Released: Wed Sep 18 08:31:38 2019
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565
Description:
This update for openldap2 fixes the following issues:

Security issue fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2403-1
Released: Wed Sep 18 16:14:29 2019
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563
Description:
This update for openssl-1_1 fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2416-1
Released: Fri Sep 20 12:51:10 2019
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1148494,SLE-6094
Description:
This update for suse-module-tools fixes the following issues:

- Remove 'modhash' as it has moved to mokutil package.
  (jsc#SLE-6094, bsc#1148494)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2422-1
Released: Fri Sep 20 16:36:43 2019
Summary: Recommended update for python-urllib3
Type: recommended
Severity: moderate
References: 1150895
Description:
This update for python-urllib3 fixes the following issues:

- Add missing dependency on python-six (bsc#1150895)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2423-1
Released: Fri Sep 20 16:41:45 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1146866,SLE-9132
Description:
This update for aaa_base fixes the following issues:

Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)

Following settings have been tightened (and set to 0):

- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2429-1
Released: Mon Sep 23 09:28:40 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1149429,CVE-2019-15903
Description:
This update for expat fixes the following issues:

Security issues fixed:

- CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2447-1
Released: Tue Sep 24 13:31:53 2019
Summary: Recommended update for ceph-csi
Type: recommended
Severity: low
References: 1151479
Description:
This is a Technical Preview update for ceph-csi.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2462-1
Released: Wed Sep 25 16:43:04 2019
Summary: Security update for python-numpy
Type: security
Severity: moderate
References: 1149203,CVE-2019-6446,SLE-8532
Description:
This update for python-numpy fixes the following issues:

Non-security issues fixed:

- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2473-1
Released: Thu Sep 26 10:02:03 2019
Summary: Security update for nghttp2
Type: security
Severity: moderate
References: 1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513
Description:
This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461).

Bug fixes and enhancements:

- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2483-1
Released: Fri Sep 27 14:16:23 2019
Summary: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate.
Type: optional
Severity: low
References: 1088358
Description:
This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2488-1
Released: Mon Sep 30 11:24:28 2019
Summary: Optional update for ceph
Type: optional
Severity: low
References: 1152326
Description:
This update will just be released to the codestream to align the versions (bsc#1152326)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2418-1
Released: Thu Nov 14 11:53:03 2019
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1133773,1143055
Description:
This update for bash fixes the following issues:

- Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm'
- Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773)

From sle-updates at lists.suse.com Sat Feb 1 01:35:13 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:13 +0100 (CET)
Subject: SUSE-CU-2019:742-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083513.4BF37F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:742-1
Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.34 , ses/6/cephcsi/cephcsi:latest
Container Release : 1.5.34
Severity : moderate
Type : security
References : 1082318 1128828 1142614 1150137 1152559 1152690 CVE-2019-16168 CVE-2019-9893
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2517-1
Released: Wed Oct 2 10:49:20 2019
Summary: Security update for libseccomp
Type: security
Severity: moderate
References: 1082318,1128828,1142614,CVE-2019-9893
Description:
This update for libseccomp fixes the following issues:

Security issues fixed:

- CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828)

libseccomp was updated to new upstream release 2.4.1:

- Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.

libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates

libseccomp was updated to release 2.3.3:

- Updated the syscall table for Linux v4.15-rc7

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released: Thu Oct 3 15:02:50 2019
Summary: Security update
for sqlite3
Type: security
Severity: moderate
References: 1150137,CVE-2019-16168
Description:
This update for sqlite3 fixes the following issues:

Security issue fixed:

- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2564-1
Released: Fri Oct 4 15:52:57 2019
Summary: Recommended update for rook
Type: recommended
Severity: moderate
References: 1152559,1152690
Description:
This update for rook fixes the following issues:

- Enforces the use of the ceph kernel client driver (bsc#1152690)
- Fixes an issue where rook has used the wrong version number (bsc#1152559)

From sle-updates at lists.suse.com Sat Feb 1 01:35:23 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:23 +0100 (CET)
Subject: SUSE-CU-2019:743-1: Recommended update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083523.AA595F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:743-1
Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.36 , ses/6/cephcsi/cephcsi:latest
Container Release : 1.5.36
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated.
The following patches have been included in this update:

From sle-updates at lists.suse.com Sat Feb 1 01:35:32 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:32 +0100 (CET)
Subject: SUSE-CU-2019:744-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083532.4CED4F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:744-1
Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.57 , ses/6/cephcsi/cephcsi:latest
Container Release : 1.5.57
Severity : important
Type : security
References : 1049825 1051143 1071995 1092100 1109412 1109413 1109414 1110797 1111996 1112534 1112535 1113247 1113252 1113255 1116827 1116995 1118644 1118830 1118831 1120629 1120630 1120631 1120640 1121034 1121035 1121056 1121753 1127155 1127608 1130306 1131113 1131823 1133131 1133232 1134226 1135749 1137977 1138869 1139459 1139795 1140039 1140631 1141897 1141913 1142343 1142649 1142772 1145023 1145521 1145716 1146027 1146415 1146947 1148517 1149121 1149145 1149792 1149792 1149792 1149955 1150451 1150595 1150733 1151023 1151490 1152101 1152590 1153165 1153238 1153557 1153674 1153936 1154016 1154025 1154217 859480 CVE-2018-1000876 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-14250 CVE-2019-14287 CVE-2019-14853 CVE-2019-14859 CVE-2019-15847 CVE-2019-16056 CVE-2019-16935 CVE-2019-17543 CVE-2019-3689 CVE-2019-5094
ECO-368 PM-1350 SLE-6206 SLE-7687 SLE-9426
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2626-1
Released: Thu Oct 10 17:22:35 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1110797
Description:
This update for permissions fixes the following issues:

- Updated permissions for amanda. (bsc#1110797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2645-1
Released: Fri Oct 11 17:11:23 2019
Summary: Recommended update for python-cryptography
Type: recommended
Severity: moderate
References: 1149792
Description:
This update for python-cryptography fixes the following issues:

- Adds compatibility to openSSL 1.1.1d (bsc#1149792)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2647-1
Released: Fri Oct 11 17:12:06 2019
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1149792
Description:
This update for python-pyOpenSSL fixes the following issues:

- Adds compatibility for openSSL 1.1.1d (bsc#1149792)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2656-1
Released: Mon Oct 14 17:02:24 2019
Summary: Security update for sudo
Type: security
Severity: important
References: 1153674,CVE-2019-14287
Description:
This update for sudo fixes the following issue:

- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2676-1
Released: Tue Oct 15 21:06:54 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1145716,1152101,CVE-2019-5094
Description:
This update for e2fsprogs fixes the following issues:

Security issue fixed:

- CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101)

Non-security issue fixed:

- libext2fs: Call fsync(2) to clear stale errors for a new unix I/O channel. (bsc#1145716)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2693-1
Released: Wed Oct 16 16:43:30 2019
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 1142343
Description:
This update for rpcbind fixes the following issues:

- Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2702-1
Released: Wed Oct 16 18:41:30 2019
Summary: Security update for gcc7
Type: security
Severity: moderate
References: 1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847
Description:
This update for gcc7 to r275405 fixes the following issues:

Security issues fixed:

- CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).
- CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

Non-security issue fixed:

- Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2730-1
Released: Mon Oct 21 16:04:57 2019
Summary: Security update for procps
Type: security
Severity: important
References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
Description:
This update for procps fixes the following issues:

procps was updated to 3.3.15. (bsc#1092100)

Following security issues were fixed:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

Also this non-security issue was fixed:

- Fix CPU summary showing old data.
  (bsc#1121753)

The update to 3.3.15 contains the following fixes:

* library: Increment to 8:0:1
  No removals, no new functions
  Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
  No changes, no removals
  New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch
  for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2742-1
Released: Tue Oct 22 15:40:16 2019
Summary: Recommended update for libzypp, zypper, libsolv and PackageKit
Type: recommended
Severity: important
References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Description:
This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:

Security issues fixed in libsolv:

- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).

Other issues addressed in libsolv:

- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
- Fixed an issue with the package name (bsc#1131823).
- repo_add_rpmdb: do not copy bad solvables from the old solv file
- Fixed an issue with cleandeps updates in which all packages were not updated
- Experimental DISTTYPE_CONDA and REL_CONDA support
- Fixed cleandeps jobs when using patterns (bsc#1137977)
- Fixed favorq leaking between solver runs if the solver is reused
- Fixed SOLVER_FLAG_FOCUS_BEST updating packages without reason
- Be more correct with multiversion packages that obsolete their own name (bnc#1127155)
- Fix repository priority handling for multiversion packages
- Make code compatible with swig 4.0, remove obj0 instances
- repo2solv: support zchunk compressed data
- Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives

Issues fixed in libzypp:

- Fix empty metalink downloads if filesize is unknown (bsc#1153557)
- Recognize riscv64 as architecture
- Fix installation of new header file (fixes #185)
- zypp.conf: Introduce `solver.focus` to define the resolver's general attitude when resolving jobs. (bsc#1146415)
- New container detection algorithm for zypper ps (bsc#1146947)
- Fix leaking filedescriptors in MediaCurl. (bsc#1116995)
- Run file conflict check on dry-run. (bsc#1140039)
- Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795)
- Rephrase file conflict check summary. (bsc#1140039)
- Fix bash completions option detection. (bsc#1049825)
- Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)
- Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)
- PublicKey::algoName: supply key algorithm and length

Issues fixed in zypper:

- Update to version 1.14.30
- Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
- Dump stacktrace on SIGPIPE (bsc#1145521)
- info: The requested info must be shown in QUIET mode (fixes #287)
- Fix local/remote url classification.
- Rephrase file conflict check summary (bsc#1140039)
- Fix bash completions option detection (bsc#1049825)
- man: split '--with[out]' like options to ease searching.
- Unhid 'ps' command in help
- Added option to show more conflict information
- Rephrased `zypper ps` hint (bsc#859480)
- Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226)
- Fixed unknown package handling in zypper install (bsc#1127608)
- Re-show progress bar after pressing retry upon install error (bsc#1131113)

Issues fixed in PackageKit:

- Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script (bsc#1130306).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2757-1
Released: Wed Oct 23 17:21:17 2019
Summary: Security update for lz4
Type: security
Severity: moderate
References: 1153936,CVE-2019-17543
Description:
This update for lz4 fixes the following issues:

- CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
Description:
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2779-1
Released: Thu Oct 24 16:57:42 2019
Summary: Security update for binutils
Type: security
Severity: moderate
References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206
Description:
This update for binutils fixes the following issues:

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes:

- CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
- CVE-2018-17359: Fixed invalid memory access in bfd_zalloc in opncls.c (bsc#1109413)
- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
- CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
- CVE-2018-18309: Fixed an invalid memory address dereference in read_reloc in reloc.c (bsc#1111996)
- CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
- CVE-2018-18605: Fixed a heap-based buffer over-read in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
- CVE-2018-18606: Fixed a NULL
pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. 
* The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2782-1 Released: Fri Oct 25 14:27:52 2019 Summary: Security update for nfs-utils Type: security Severity: moderate References: 1150733,CVE-2019-3689 Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. 
(bsc#1150733) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2802-1 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Type: security Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2812-1 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. 
- sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2891-1 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Type: security Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 Description: This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). 

From sle-updates at lists.suse.com Sat Feb 1 01:35:41 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:41 +0100 (CET)
Subject: SUSE-CU-2019:745-1: Recommended update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083541.92DBFF798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:745-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.59 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.59
Severity              : moderate
Type                  : recommended
References            : 1151481
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2929-1
Released:    Thu Nov 7 16:45:13 2019
Summary:     Recommended update for python-kubernetes
Type:        recommended
Severity:    moderate
References:  1151481
Description:

This update for python-kubernetes fixes the following issues:

- python-ipaddress is only required for building on Python2 (on Python3 is part of the standard library)
- Backport fix for base64 padding in kubeconfig (bsc#1151481)

From sle-updates at lists.suse.com Sat Feb 1 01:35:50 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:50 +0100 (CET)
Subject: SUSE-CU-2019:746-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083550.A9F23F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:746-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.63 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.63
Severity              : important
Type                  : security
References            : 1103320 1132767 1134444 1135584 1137503 1140491 1141174 1145093 1145617
                        1145618 1145759 1146656 1147132 1149093 1150406 1151439 1151990 1151991
                        1151992 1151993 1151994 1151995 1152002 1154019 1154036 1154037 1156282
                        CVE-2019-10222 CVE-2019-17594 CVE-2019-17595
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2980-1
Released:    Thu Nov 14 22:45:33 2019
Summary:     Optional update for curl
Type:        optional
Severity:    low
References:  1154019
Description:

This update for curl doesn't address any user visible issues.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2994-1
Released:    Mon Nov 18 13:34:33 2019
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1132767,1134444,1135584,1137503,1140491,1141174,1145093,1145617,1145618,1145759,1146656,1147132,1149093,1150406,1151439,1151990,1151991,1151992,1151993,1151994,1151995,1152002,1156282,CVE-2019-10222
Description:

This update for ceph fixes the following issues:

- A previous update introduced a regression with the potential to cause RocksDB data corruption in Nautilus (bsc#1156282).
- Support for iSCSI target-level CHAP authentication was added (bsc#1145617).
- Implemented validation and rendering of iSCSI controls based 'type' (bsc#1140491).
- Fixed an error while editing iSCSI image advanced settings (bsc#1146656).
- Fixed a ceph-volume regression. SES customers were never exposed to this regression (bsc#1132767).
- Fixed a denial of service vulnerability where an unauthenticated client of Ceph Object Gateway could trigger a crash from an uncaught exception (bsc#1145093, CVE-2019-10222)
- Nautilus-based librbd clients could not open images on Jewel clusters (bsc#1151994).
- The RGW num_rados_handles has been removed (bsc#1151995).
- 'osd_deep_scrub_large_omap_object_key_threshold' has been lowered in Nautilus (bsc#1152002).
- The ceph dashboard now supports silencing Prometheus notifications (bsc#1141174).
- The no{up,down,in,out} related commands have been revamped (bsc#1151990).
- Radosgw-admin got two new subcommands for managing expire-stale objects (bsc#1151991).
- Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 used to break pool utilization stats reported by ceph df (bsc#1151992).
- Ceph clusters will issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993).
- Ceph-volume prints errors to stdout with --format json (bsc#1132767).
- Changing rgw-api-host in the dashboard does not get effective without disable/enable dashboard mgr module (bsc#1137503).
- Silenced Alertmanager alerts in the dashboard (bsc#1141174).
- Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759)
- librbd always tries to acquire exclusive lock when removing image an (bsc#1149093).

Fixes in ses-manual_en:

- Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
- Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
- Improved name of CaaSP to its fuller version. (bsc#1151439)
- Verify which OSD's are going to be removed before running stage.5. (bsc#1150406)
- Added two additional steps to recovering an OSD. (bsc#1147132)

Fixes in ceph-iscsi:

- Validate kernel LIO controls type and value (bsc#1140491)
- TPG lun_id persistence (bsc#1145618)
- Target level CHAP authentication (bsc#1145617)

ceph-iscsi was updated to the upstream 3.2 release:

- Always use host FQDN instead of shortname
- Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2997-1
Released:    Mon Nov 18 15:16:38 2019
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:

This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

- Removed screen.xterm from terminfo database (bsc#1103320).

From sle-updates at lists.suse.com Sat Feb 1 01:35:59 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:35:59 +0100 (CET)
Subject: SUSE-CU-2020:32-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083559.0BA71F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:32-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.102 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.102
Severity              : important
Type                  : security
References            : 1007715 1027282 1029377 1029902 1040164 1042670 1070853 1079761 1081750
                        1083507 1084934 1086001 1088004 1088009 1088573 1093414 1094814 1107030
                        1109663 1109847 1114592 1120644 1122191 1123919 1124556 1129346 1130840
                        1131817 1132337 1133452 1134365 1135254 1137131 1137132 1137227 1137942
                        1138459 1140504 1140601 1140879 1141203 1141322 1141853 1141897 1142152
                        1142649 1142654 1145231 1145554 1145571 1145756 1146415 1146475 1148360
                        1148498 1148517 1148987 1149121 1149145 1149203 1149511 1149792 1149955
                        1150734 1151490 1152755 1153238 1153351 1153876 1154230 1154295 1154871
                        1154884 1154887 1155045 1155199 1155338 1155339 1155346 1155407 1155463
                        1155655 1155668 1155950 1156571 1157198 1157278 1157438 1157611 1157775
                        1157891 1158095 1158095 1158101 1158120 1158527 1158809 1158923 1158925
                        1158926 1158927 1158929 1158930 1158931 1158932 1158933 1159035 1159622
                        1159819 1159989 1160920 637176 658604 673071 709442 743787 747125 751718
                        754447 754677 787526 809831 831629 834601 871152 885662 885882 917607
                        942751 951166 983582 984751 985177 985348 989523
                        CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752
                        CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110
                        CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060
                        CVE-2018-1061 CVE-2018-14647 CVE-2018-18508 CVE-2018-20406 CVE-2018-20852
                        CVE-2019-10160 CVE-2019-11745 CVE-2019-12290 CVE-2019-13627 CVE-2019-14250
                        CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1551 CVE-2019-15847
                        CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-17006 CVE-2019-18224
                        CVE-2019-3688 CVE-2019-3690 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947
                        SLE-6533 SLE-6536 SLE-8532 SLE-8789 SLE-9171
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3010-1
Released:    Tue Nov 19 18:10:58 2019
Summary:     Recommended update for zypper and libsolv
Type:        recommended
Severity:    moderate
References:  1145554,1146415,1149511,1153351,SLE-9171
Description:

This update for zypper and libsolv fixes the following issues:

Package: zypper

- Improved the documentation of $releasever and --releasever use cases (bsc#1149511)
- zypper will now ask only once when multiple packages share the same license text (bsc#1145554)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415)
- Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351)
- Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171)

Package: libsolv

- Fixes issues when updating too many packages in focusbest mode
- Fixes the handling of disabled and installed packages in distupgrade

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3040-1
Released:    Fri Nov 22 11:59:52 2019
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1145231
Description:

This update for lvm2 fixes the following issues:

- Adds a fix to detect MD devices by LVM2 with metadata=1.0/0.9 (bsc#1145231)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3059-1
Released:    Mon Nov 25 17:33:07 2019
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1155199,CVE-2019-14866
Description:

This update for cpio fixes the following issues:

- CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3061-1
Released:    Mon Nov 25 17:34:22 2019
Summary:     Security update for gcc9
Type:        security
Severity:    moderate
References:  1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:

This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on:

https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3070-1
Released:    Tue Nov 26 12:39:29 2019
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    low
References:  1152755
Description:

This update for gpg2 provides the following fix:

- Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released:    Thu Nov 28 10:02:24 2019
Summary:     Security update for libidn2
Type:        security
Severity:    moderate
References:  1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:

This update for libidn2 to version 2.2.0 fixes the following issues:

- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3087-1
Released:    Thu Nov 28 10:03:00 2019
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1123919
Description:

This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3118-1
Released:    Fri Nov 29 14:41:35 2019
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1154295
Description:

This update for e2fsprogs fixes the following issues:

- Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3166-1
Released:    Wed Dec 4 11:24:42 2019
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1007715,1084934,1157278
Description:

This update for aaa_base fixes the following issues:

- Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
- Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
- Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3167-1
Released:    Wed Dec 4 11:27:35 2019
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1142152
Description:

This update for suse-module-tools fixes the following issues:

- Add dependency of papr_scm on libnvdimm in the initrd image. (bsc#1142152, ltc#176292, FATE#327775).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3172-1
Released:    Wed Dec 4 11:46:44 2019
Summary:     Recommended update for libstoragemgmt
Type:        recommended
Severity:    moderate
References:  1155407
Description:

This update for libstoragemgmt ships two new sub-packages (fate#327790 bsc#1155407):

- libstoragemgmt-hpsa-plugin: HP SmartArray plugin.
- libstoragemgmt-megaraid-plugin: LSI MegaRaid plugin.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3181-1
Released:    Thu Dec 5 11:43:07 2019
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
Description:

This update for permissions fixes the following issues:

- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3240-1
Released:    Tue Dec 10 10:40:19 2019
Summary:     Recommended update for ca-certificates-mozilla, p11-kit
Type:        recommended
Severity:    moderate
References:  1154871
Description:

This update for ca-certificates-mozilla, p11-kit fixes the following issues:

Changes in ca-certificates-mozilla:

- export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871).

Changes in p11-kit:

- support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3267-1
Released:    Wed Dec 11 11:19:53 2019
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1158095,CVE-2019-14889
Description:

This update for libssh fixes the following issues:

- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3343-1
Released:    Thu Dec 19 11:05:27 2019
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1155668
Description:

This update for lvm2 fixes the following issues:

- Fix seeing a 90 Second delay during shutdown and reboot. (bsc#1155668)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3374-1
Released:    Fri Dec 20 10:39:16 2019
Summary:     Recommended update for python-CherryPy
Type:        recommended
Severity:    moderate
References:  1158120
Description:

This update for python-CherryPy fixes the following issues:

- Add compatibility to make tests pass with the recent versions of Python with fixed http.client.HTTPConnection.putrequest(). (bsc#1158120, jsc#PM-1350)
- Run spec-cleaner on the SPEC file.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3392-1
Released:    Fri Dec 27 13:33:29 2019
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1148987,1155338,1155339,CVE-2019-13627
Description:

This update for libgcrypt fixes the following issues:

Security issues fixed:

- CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).

Bug fixes:

- Added CMAC AES self test (bsc#1155339).
- Added CMAC TDES self test missing (bsc#1155338).
- Fix test dsa-rfc6979 in FIPS mode.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3395-1
Released:    Mon Dec 30 14:05:06 2019
Summary:     Security update for mozilla-nspr, mozilla-nss
Type:        security
Severity:    moderate
References:  1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006
Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.47.1:

Security issues fixed:

- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
- CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).

mozilla-nspr was updated to version 4.23:

- Whitespace in C files was cleaned up and no longer uses tab characters for indenting.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:9-1
Released:    Thu Jan 2 12:33:47 2020
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1157438
Description:

This update for xfsprogs fixes the following issues:

- Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:10-1
Released:    Thu Jan 2 12:35:06 2020
Summary:     Recommended update for gcc7
Type:        recommended
Severity:    moderate
References:  1146475
Description:

This update for gcc7 fixes the following issues:

- Fix miscompilation with thread-safe localstatic initialization (gcc#85887).
- Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:22-1
Released:    Tue Jan 7 12:39:59 2020
Summary:     Recommended update for python-numpy
Type:        recommended
Severity:    moderate
References:  1149203,SLE-8532
Description:

This update for python-numpy fixes the following issues:

- Add new random module including selectable random number generators: MT19937, PCG64, Philox and SFC64 (bsc#1149203)
- NumPy's FFT implementation was changed from fftpack to pocketfft, resulting in faster, more accurate transforms and better handling of datasets of prime length. (bsc#1149203)
- New radix sort and timsort sorting methods. (bsc#1149203)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:27-1
Released:    Tue Jan 7 14:47:07 2020
Summary:     Recommended update for rdma-core
Type:        recommended
Severity:    moderate
References:  1137131,1137132,1140601,1157891
Description:

This update for rdma-core fixes the following issues:

- Add Broadcom fixes for libbnxtre. (bsc#1157891)
- Disable libmlx dependencies for libibverbs on s390x 32 bits. (bsc#1140601)
- Fix baselibs configuration removing conflict with -32b and older (early rdma-core) libraries.
- Add missing Obsoletes/Conflicts/Provides to handle updates from SP2. (bsc#1137131, bsc#1137132)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:36-1
Released:    Wed Jan 8 10:26:46 2020
Summary:     Recommended update for python-pyOpenSSL
Type:        recommended
Severity:    low
References:  1159989
Description:

This update fixes the build of python-pyOpenSSL in 2020 (bsc#1159989).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:69-1
Released:    Fri Jan 10 12:33:59 2020
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789
Description:

This update for openssl-1_1 fixes the following issues:

Security issue fixed:

- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).

Various FIPS related improvements were done:

- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).
- Port FIPS patches from SLE-12 (bsc#1158101).
- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:114-1
Released:    Thu Jan 16 10:11:52 2020
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Description:

This update for python3 to version 3.6.10 fixes the following issues:

- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:129-1
Released:    Mon Jan 20 09:21:13 2020
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1158095,CVE-2019-14889
Description:

This update for libssh fixes the following issues:

- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:160-1 Released: Wed Jan 22 13:18:10 2020 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1124556,1131817,1132337,1134365,1137227,1140504,1140879,1141203,1145571,1145756,1148360,1148498,1153876,1154230,1155045,1155463,1155655,1155950,1156571,1157611,1158923,1158925,1158926,1158927,1158929,1158930,1158931,1158932,1158933,1160920 Description: This update for ceph fixes the following issues: Update to 14.2.5-371-g3551250731: + upstream Nautilus 14.2.5 point release, see https://ceph.io/releases/v14-2-5-nautilus-released/ * health warnings will be issued if daemons have recently crashed (bsc#1158923) * pg_num must be a power of two, otherwise HEALTH_WARN (bsc#1158925) * pool size must be > 1, otherwise HEALTH_WARN (bsc#1158926) * health warning if average OSD heartbeat ping time exceeds threshold (bsc#1158927) * changes in the telemetry MGR module (bsc#1158929) * new OSD daemon command dump_recovery_reservations (bsc#1158930) * new OSD daemon command dump_scrub_reservations (bsc#1158931) * RGW now supports S3 Object Lock set of APIs (bsc#1158932) * RGW now supports List Objects V2 (bsc#1158933) + mon: keep v1 address type when explicitly (bsc#1140879) + doc: mention --namespace option in rados manpage (bsc#1157611) + mgr/dashboard: Remove env_build from e2e:ci + ceph-volume: check if we run in an selinux environment + qa/dashboard_e2e_tests.sh: Automatically use correct chromedriver version (bsc#1155950) Update to 14.2.4-1283-g9ab65f8799: + rebase on tip of upstream nautilus, SHA1 9989c20373e2294b7479ec4bd6ac5cce80b01645 * rgw: add S3 object lock feature to support object worm (jsc#SES-582) * os/bluestore: apply garbage collection against excessive blob count growth (bsc#1124556) * doc: update bluestore cache settings and clarify data fraction (bsc#1131817) * mgr/dashboard: Allow the decrease of pg's of an existing pool (bsc#1132337) * core: 
    Improve health status for backfill_toofull and recovery_toofull and fix backfill_toofull seen on cluster where the most full OSD is at 1% (bsc#1134365)
  * mgr/dashboard: Set RO as the default access_type for RGW NFS exports (bsc#1137227)
  * mgr/dashboard: Allow disabling redirection on standby Dashboards (bsc#1140504)
  * rgw: dns name is not case sensitive (bsc#1141203)
  * os/bluestore: shallow fsck mode and legacy statfs auto repair (bsc#1145571)
  * mgr/dashboard: Display WWN and LUN number in iSCSI target details (bsc#1145756)
  * mgr/dashboard: access_control: add grafana scope read access to *-manager roles (bsc#1148360)
  * mgr/dashboard: internationalization support with AOT enabled (bsc#1148498)
  * mgr/dashboard: Fix data point alignment in MDS counters chart (bsc#1153876)
  * mgr/balancer: python3 compatibility issue (bsc#1154230)
  * mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking (bsc#1155045)
  * mgr/{dashboard,prometheus}: return FQDN instead of '0.0.0.0' (bsc#1155463)
  * core: Improve health status for backfill_toofull and recovery_toofull and fix backfill_toofull seen on cluster where the most full OSD is at 1% (bsc#1155655)
  * mon: ensure prepare_failure() marks no_reply on op (bsc#1156571)
+ mgr/dashboard: Automatically use correct chromedriver version
+ Revert 'rgw_file: introduce fast S3 Unix stats (immutable)' because it is incompatible with NFS-Ganesha 2.8
+ include hotfix from upstream v14.2.6 release (bsc#1160920):
  * mon/PGMap.h: disable network stats in dump_osd_stats
  * osd_stat_t::dump: Add option for ceph-mgr python callers to skip ping network

From sle-updates at lists.suse.com Sat Feb 1 01:36:07 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:36:07 +0100 (CET)
Subject: SUSE-CU-2020:33-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20200201083607.B1DC4F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:33-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.110 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.110
Severity              : moderate
Type                  : security
References            : 1013125 1149332 1151582 1157292 1157794 1157893 1158830 1158996 1160571 1160970 1161074 1161312 CVE-2019-19126 CVE-2019-5188 CVE-2020-1699 CVE-2020-1700
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:225-1
Released:    Fri Jan 24 06:49:07 2020
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1158830
Description:

This update for procps fixes the following issues:

- Fix 'ps -C' so that it accepts arguments longer than 15 characters again. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:256-1
Released:    Wed Jan 29 09:39:17 2020
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1157794,1160970
Description:

This update for aaa_base fixes the following issues:

- Improves the way the Java path is created to fix an issue with sapjvm. (bsc#1157794)
- Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:262-1
Released:    Thu Jan 30 11:02:42 2020
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1149332,1151582,1157292,1157893,1158996,CVE-2019-19126
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292).
Bug fixes:

- Fixed z15 (s390x) strstr implementation that can return incorrect results if the search string crosses a page boundary (bsc#1157893).
- Fixed Hardware support in toolchain (bsc#1151582).
- Fixed syscalls during early process initialization (SLE-8348).
- Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
- Moved to posix_spawn on popen (bsc#1149332).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:265-1
Released:    Thu Jan 30 14:05:34 2020
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:279-1
Released:    Fri Jan 31 12:01:39 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1013125
Description:

This update for p11-kit fixes the following issues:

- Also build documentation (bsc#1013125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:297-1
Released:    Fri Jan 31 17:24:13 2020
Summary:     Security update for ceph
Type:        security
Severity:    moderate
References:  1161074,1161312,CVE-2020-1699,CVE-2020-1700
Description:

This update for ceph fixes the following issues:

- CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage (bsc#1161312).
- CVE-2020-1699: Fixed an information disclosure by improper URL checking (bsc#1161074).

From sle-updates at lists.suse.com Sat Feb 1 01:36:22 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:36:22 +0100 (CET)
Subject: SUSE-CU-2019:747-1: Security update of ses/6/ceph/ceph
Message-ID: <20200201083622.E49AAF798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:747-1
Container Tags        : ses/6/ceph/ceph:14.2.1.468 , ses/6/ceph/ceph:14.2.1.468.1.5.2 , ses/6/ceph/ceph:latest
Container Release     : 1.5.2
Severity              : important
Type                  : security
-----------------------------------------------------------------

The container ses/6/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1223-1
Released:    Tue Jun 26 11:41:00 2018
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1096745,CVE-2018-12020
Description:

This update for gpg2 fixes the following security issue:

- CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1264-1
Released:    Tue Jul 3 10:56:12 2018
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1086367
Description:

This update for curl provides the following fix:

- Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines.
  (bsc#1086367)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1327-1
Released:    Tue Jul 17 08:07:24 2018
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1096718,CVE-2018-12015
Description:

This update for perl fixes the following issues:

- CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
Description:

This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1334-1
Released:    Tue Jul 17 09:06:41 2018
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1096515
Description:

This update for mozilla-nss provides the following fixes:

- Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515)
- Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in an SSL_RX_MALFORMED_SERVER_HELLO error.
- Fix a rare bug with PKCS#12 files.
- Use relro linker option.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1346-1
Released:    Thu Jul 19 09:25:08 2018
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237
Description:

This update for glibc fixes the following security issues:

- CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150).
- CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161).
- CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1353-1
Released:    Thu Jul 19 09:50:32 2018
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572
Description:

This update for e2fsprogs fixes the following issues:

Security issues fixed:

- CVE-2015-0247: Fixed a couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
- CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).

Bug fixes:

- bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
- bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
- bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1362-1
Released:    Thu Jul 19 12:47:33 2018
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1100415
Description:

ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)

The following CAs were removed:

* S-TRUST_Universal_Root_CA
* TC_TrustCenter_Class_3_CA_II
* TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1396-1
Released:    Thu Jul 26 16:23:09 2018
Summary:     Security update for rpm
Type:        security
Severity:    moderate
References:  1094735,1095148,943457,CVE-2017-7500
Description:

This update for rpm fixes the following issues:

This security vulnerability was fixed:

- CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1409-1
Released:    Fri Jul 27 06:45:10 2018
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569
Description:

This update for systemd provides the following fixes:

- systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973)
- systemctl: Check the existence of all units, not just the first one.
- scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099)
- device: Make sure to always retroactively start device dependencies. (bsc#1088052)
- locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files.
- Fix pattern to detect distribution.
- install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851)
- install: Search for preset files in /run (#7715)
- install: Consider globally enabled units as 'enabled' for the user.
  (bsc#1093851)
- install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement.
- install: Only consider names in Alias= as 'enabling'.
- udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158)
- man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265)
- fileio: Support writing atomic files with timestamp.
- fileio.c: Fix incorrect mtime
- Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569)
- An update broke booting with encrypted partitions on NVMe (bsc#1095096)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1685-1
Released:    Fri Aug 17 18:20:58 2018
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1099793,CVE-2018-0500
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2018-0500: Fix an SMTP send heap buffer overflow (bsc#1099793).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1754-1
Released:    Fri Aug 24 16:40:21 2018
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1104780
Description:

This update for ca-certificates-mozilla fixes the following issues:

Updated to the 2.26 state of the Mozilla NSS Certificate store.
  (bsc#1104780)

- removed server auth rights from following CAs:
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
- removed CA
  - ComSign CA
- new CA added:
  - GlobalSign

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1760-1
Released:    Fri Aug 24 17:14:53 2018
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1072183
Description:

This update for libtirpc fixes the following issues:

- rpcinfo: send RPC getport call as specified via parameter (bsc#1072183)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1775-1
Released:    Tue Aug 28 12:40:50 2018
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    important
References:  1089777,1105396
Description:

This update for xfsprogs fixes the following issues:

- avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777)
- repair: shift inode back into place if corrupted by bad log replay (bsc#1105396).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1887-1
Released:    Wed Sep 12 12:34:28 2018
Summary:     Recommended update for python-websocket-client
Type:        recommended
Severity:    moderate
References:  1076519
Description:

This update for python-websocket-client fixes the following issues:

- Use systems ca bundle file by default.
  (bsc#1076519)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1904-1
Released:    Fri Sep 14 12:46:39 2018
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1086367,1106019,CVE-2018-14618
Description:

This update for curl fixes the following issues:

This security issue was fixed:

- CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)

This non-security issue was fixed:

- Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1999-1
Released:    Tue Sep 25 08:20:35 2018
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1071321
Description:

This update for zlib provides the following fixes:

- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2055-1
Released:    Thu Sep 27 14:30:14 2018
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1089640
Description:

This update for openldap2 provides the following fix:

- Fix slapd segfaults in mdb_env_reader_dest.
  (bsc#1089640)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2070-1
Released:    Fri Sep 28 08:02:02 2018
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Description:

This update for gnutls fixes the following security issues:

- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2083-1
Released:    Sun Sep 30 14:06:33 2018
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1097158,1101470,CVE-2018-0732
Description:

This update for openssl-1_1 to 1.1.0i fixes the following issues:

These security issues were fixed:

- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Make problematic ECDSA sign addition length-invariant
- Add blinding to ECDSA and DSA signatures to protect against side channel attacks

These non-security issues were fixed:

- When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases.
- Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed.
- Fixed a text canonicalisation bug in CMS
- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2138-1
Released:    Thu Oct 4 15:52:15 2018
Summary:     Recommended update for sudo
Type:        recommended
Severity:    low
References:  1097643
Description:

This update for sudo fixes the following issues:

- fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2155-1
Released:    Fri Oct 5 14:41:17 2018
Summary:     Recommended update for ca-certificates
Type:        recommended
Severity:    moderate
References:  1101470
Description:

This update for ca-certificates fixes the following issues:

- Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2170-1
Released:    Mon Oct 8 10:31:14 2018
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1107030
Description:

This update for python3 fixes the following issues:

- Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2177-1
Released:    Tue Oct 9 09:00:13 2018
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1095661,1095670,1100488
Description:

This update for bash provides the following fixes:

- Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661)
- Make the generation of bash.html reproducible.
  (bsc#1100488)
- Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670)
- Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes.
- Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler.
- Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence.
- Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2182-1
Released:    Tue Oct 9 11:08:36 2018
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251
Description:

This update for libxml2 fixes the following security issues:

- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2340-1
Released:    Fri Oct 19 16:05:53 2018
Summary:     Security update for fuse
Type:        security
Severity:    moderate
References:  1101797,CVE-2018-10906
Description:

This update for fuse
fixes the following issues:

- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2346-1
Released:    Mon Oct 22 09:40:46 2018
Summary:     Recommended update for logrotate
Type:        recommended
Severity:    moderate
References:  1093617
Description:

This update for logrotate provides the following fix:

- Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2370-1
Released:    Mon Oct 22 14:02:01 2018
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1102310,1104531
Description:

This update for aaa_base provides the following fixes:

- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2430-1
Released:    Wed Oct 24 13:05:18 2018
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1101820,CVE-2018-10903
Description:

This update for python-cryptography fixes the following issues:

- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length.
  If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2454-1
Released:    Thu Oct 25 11:19:46 2018
Summary:     Recommended update for python-pyOpenSSL
Type:        recommended
Severity:    moderate
References:  1110435
Description:

This update for python-pyOpenSSL fixes the following issues:

- Handle duplicate certificate addition using X509_STORE_add_cert so it works after upgrading to openssl 1.1.1. (bsc#1110435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310
Description:

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2485-1
Released:    Fri Oct 26 12:38:01 2018
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1112928
Description:

This update for kmod provides the following fixes:

- Allow 'modprobe -c' to print the status of the 'allow_unsupported_modules' option.
  (bsc#1112928)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2486-1
Released:    Fri Oct 26 12:38:27 2018
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1105068
Description:

This update for xfsprogs fixes the following issues:

- Explicitly disable systemd unit files for scrub (bsc#1105068).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2487-1
Released:    Fri Oct 26 12:39:07 2018
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1102526
Description:

This update for glibc fixes the following issues:

- Fix build on aarch64 with binutils newer than 2.30.
- Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2539-1
Released:    Tue Oct 30 16:17:23 2018
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1113100
Description:

This update for rpm fixes the following issues:

- On PowerPC64 fix the superfluous TOC.
  dependency (bsc#1113100)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
Description:

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1110700
Description:

This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2578-1
Released: Mon Nov 5 17:55:35 2018
Summary: Security update for curl
Type: security
Severity: moderate
References: 1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842
Description:

This update for curl fixes the following issues:

- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16842: An Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2595-1
Released: Wed Nov 7 11:14:42 2018
Summary: Security update for systemd
Type: security
Severity: important
References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer
  overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665)

Non security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if 'missing ok' (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer (#7329)
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing 'continue' statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the emergency shell
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- install: drop left-over debug message (#6913)
- Ship systemd-sysv-install helper via the main package
  This script was part
  of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SysV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)
- man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
- systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)
- core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)
- Enable or disable machines.target according to the presets (bsc#1107941)
- cryptsetup: add support for sector-size= option (fate#325697)
- nspawn: always use permission mode 555 for /sys (bsc#1107640)
- Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)
- Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)
- Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)
- No longer adjusts qgroups on existing subvolumes (bsc#1093753)
- cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Type: recommended
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.

The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.

Various optimizers have been improved in GCC 8, several bugs have been fixed, quite a few new warnings have been added, and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:

  https://gcc.gnu.org/gcc-8/changes.html

Also changes needed or common pitfalls when porting software are described on:

  https://gcc.gnu.org/gcc-8/porting_to.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2641-1
Released: Mon Nov 12 20:39:30 2018
Summary: Recommended update for nfsidmap
Type: recommended
Severity: moderate
References: 1098217
Description:

This update for nfsidmap fixes the following issues:

- Improve support for SAMBA with Active Directory. (bsc#1098217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2644-1
Released: Mon Nov 12 20:40:15 2018
Summary: Recommended update for glib2-branding
Type: recommended
Severity: low
References: 1097595
Description:

This update for glib2-branding provides the following fix:

- Recommend sound-theme-freedesktop on SLE. (bsc#1097595)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2742-1
Released: Thu Nov 22 13:28:36 2018
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 969953
Description:

This update for rpcbind fixes the following issues:

- Fix tool stack buffer overflow aborting (bsc#969953)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2744-1
Released: Thu Nov 22 14:30:38 2018
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:

This update for apparmor fixes the following issues:

- allow dnsmasq to open logfiles (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2780-1
Released: Mon Nov 26 17:46:10 2018
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429
Description:

This update for glib2 fixes the following
issues:

Security issues fixed:

- CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116).

Non-security issue fixed:

- various GVariant parsing issues have been resolved (bsc#1111499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
Description:

This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Type: security
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:

This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove screen.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2873-1
Released: Fri Dec 7 13:27:36 2018
Summary: Recommended update for python-cffi
Type: recommended
Severity: moderate
References: 1111657
Description:

This update for python-cffi fixes the following issues:

- Fix the testsuite of python-cffi like upstream to solve corruption at build (bsc#1111657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2961-1
Released: Mon Dec 17 19:51:40 2018
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1098697,1112780
Description:

This update for psmisc provides the following fix:

- Make the fuser option -m work even with mountinfo. (bsc#1098697)
- Support also Btrfs entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2984-1
Released: Wed Dec 19 11:32:39 2018
Summary: Security update for perl
Type: security
Severity: moderate
References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314
Description:

This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
- CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675).
- CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681).
- CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2986-1
Released: Wed Dec 19 13:53:22 2018
Summary: Security update for libnettle
Type: security
Severity: moderate
References: 1118086,CVE-2018-16869
Description:

This update for libnettle fixes the following issues:

Security issues fixed:

- CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:3044-1
Released: Fri Dec 21 18:47:21 2018
Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Type: security
Severity: important
References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498
Description:

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random.
  (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

- Update mozilla-nspr to 4.20 (bsc#1119105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:6-1
Released: Wed Jan 2 20:25:25 2019
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1099119,1099192
Description:

GCC 7 was updated to the GCC 7.4 release.

- Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
- Includes fix for build with ISL 0.20.
- Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
- Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
- Fixes support for 32bit ASAN with glibc 2.27+

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:23-1
Released: Mon Jan 7 16:30:33 2019
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1120346,CVE-2018-1000858
Description:

This update for gpg2 fixes the following issue:

Security issue fixed:

- CVE-2018-1000858: Fixed a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
Description:

This update for acl fixes the following issues:

- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes.
  (bsc#953659)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:56-1
Released: Thu Jan 10 15:04:46 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:

This update for apparmor fixes the following issues:

- Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:62-1
Released: Thu Jan 10 20:30:58 2019
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1119063
Description:

This update for xfsprogs fixes the following issues:

- Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:91-1
Released: Tue Jan 15 14:14:43 2019
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1090767,1121045,1121207
Description:

This update for mozilla-nss fixes the following issues:

- The hmac packages used in FIPS certification were inadvertently removed in the last update and have been re-added. (bsc#1121207)
- Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
Description:

This update for timezone fixes the following issues:

- Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
  (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:137-1
Released: Mon Jan 21 15:52:45 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954
Description:

This update for systemd provides the following fixes:

Security issues fixed:

- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

Non-security issues fixed:

- pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
- systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
- systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
- Fixed installation issue with /etc/machine-id during update (bsc#1117063)
- btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- udev: Downgrade message when setting inotify watch up fails. (bsc#1005023)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment.
  The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:147-1
Released: Wed Jan 23 17:57:31 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1121446
Description:

This update for ca-certificates-mozilla fixes the following issues:

The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446)

Removed Root CAs:

- AC Raiz Certicamara S.A.
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- Visa eCommerce Root

Added Root CAs:

- Certigna Root CA (email and server auth)
- GTS Root R1 (server auth)
- GTS Root R2 (server auth)
- GTS Root R3 (server auth)
- GTS Root R4 (server auth)
- OISTE WISeKey Global Root GC CA (email and server auth)
- UCA Extended Validation Root (server auth)
- UCA Global G2 Root (email and server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:151-1
Released: Wed Jan 23 17:58:59 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472
Description:

This update for apparmor fixes the following issues:

- Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354)
- allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499)
- dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

Update to AppArmor 2.12.2:

- add profile
  names to most profiles
- update dnsmasq profile (pid file and logfile path) (bsc#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog

Update to AppArmor 2.12.1:

- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- add support for conditional includes ('include if exists')
- ignore 'abi' rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from the main profile
- several bugfixes (including bsc#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:170-1
Released: Fri Jan 25 13:43:29 2019
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1118629
Description:

This update for kmod fixes the following issues:

- Fixes module dependency file corruption on parallel invocation (bsc#1118629).
- Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:189-1
Released: Mon Jan 28 14:14:46 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
Description:

This update for rpm fixes the following issues:

- Add kmod(module) provides to kernel and KMPs (fate#326579).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:215-1
Released: Thu Jan 31 15:59:57 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010
Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
- CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT (bsc#1120644)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:247-1
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1123043,CVE-2019-6706
Description:

This update for lua53 fixes the following issues:

Security issue fixed:

- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:248-1
Released: Wed Feb 6 08:35:20 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823
Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
- CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
- CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:251-1
Released: Wed Feb 6 11:22:43 2019
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1090047
Description:

This update for glib2 provides the following fix:

- Enable systemtap.
  (fate#326393, bsc#1090047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:273-1
Released: Wed Feb 6 16:48:18 2019
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

Security issues fixed:

- CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983).
- CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983).
- CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983).
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069).

Non-security issue fixed:

- Update to MozillaFirefox ESR 60.5.0
- Update to mozilla-nss 3.41.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:369-1
Released: Wed Feb 13 14:01:42 2019
Summary: Recommended update for itstool
Type: recommended
Severity: moderate
References: 1065270,1111019
Description:

This update for itstool and python-libxml2-python fixes the following issues:

Package: itstool

- Updated version to support Python3. (bnc#1111019)

Package: python-libxml2-python

- Fix segfault when parsing invalid data. (bsc#1065270)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:418-1
Released: Sat Feb 16 11:33:57 2019
Summary: Security update for python-numpy
Type: security
Severity: important
References: 1122208,CVE-2019-6446
Description:

This update for python-numpy fixes the following issue:

Security issue fixed:

- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208).

With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load().

A warning during runtime will show up when the allow_pickle is not explicitly set.
NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:426-1
Released: Mon Feb 18 17:46:55 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454
Description:

This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update
  systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceed
- automount: don't pass non-blocking pipe to kernel.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:532-1
Released: Fri Mar 1 13:47:29 2019
Summary: Recommended update for console-setup, kbd
Type: recommended
Severity: moderate
References: 1122361
Description:

This update for console-setup and kbd provides the following fix:

- Fix Shift-Tab mapping. (bsc#1122361)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:

This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:577-1
Released: Mon Mar 11 12:03:49 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1123820,1127073
Description:

This update for apparmor fixes the following issues:

- apparmor prevents libvirtd from starting (bsc#1127073)
- Start apparmor after filesystem remount (bsc#1123820)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:641-1
Released: Tue Mar 19 13:17:28 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1112570,1114984,1114993
Description:

This update for glibc provides the following fixes:

- Fix Haswell CPU string flags. (bsc#1114984)
- Fix waiters-after-spinning case. (bsc#1114993)
- Do not relocate absolute symbols. (bsc#1112570)
- Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551)
- Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962)
- Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:664-1
Released: Wed Mar 20 14:54:12 2019
Summary: Recommended update for gpgme
Type: recommended
Severity: low
References: 1121051
Description:

This update for gpgme provides the following fix:

- Re-generate keys in Qt tests to not expire. (bsc#1121051)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:700-1
Released: Thu Mar 21 19:54:00 2019
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1044840
Description:

This update for cyrus-sasl provides the following fix:

- Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'.
  By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:713-1
Released: Fri Mar 22 15:55:05 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1063675,1126590
Description:

This update for glibc fixes the following issues:

- Add MAP_SYNC from Linux 4.15 (bsc#1126590)
- Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590)
- nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:732-1
Released: Mon Mar 25 14:10:04 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1088524,1118364,1128246
Description:

This update for aaa_base fixes the following issues:

- Restore old position of ssh/sudo source of profile (bsc#1118364).
- Update logic for JRE_HOME env variable (bsc#1128246)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346
Description:

This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed:

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
Description:

This update for timezone fixes the following issues:

timezone was updated to 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:791-1
Released: Thu Mar 28 12:06:50 2019
Summary: Security update for libnettle
Type: recommended
Severity: moderate
References: 1129598
Description:

This update for libnettle to version 3.4.1 fixes the following issues:

Issues addressed and new features:

- Updated to 3.4.1 (fate#327114 and bsc#1129598)
- Fixed missing break statements in the parsing of PEM input files in pkcs1-conv.
- Fixed a link error on the pss-mgf1-test which was affecting builds without public key support.
- All functions using RSA private keys are now side-channel silent. This applies both to the
  bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing
  of PKCS#1 padding needed for RSA decryption.
- Changes in behavior:
  The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer,
  independent of the actual message length. They are side-channel silent, in that branches and
  memory accesses don't depend on the validity or length of the message. Side-channel leakage from
  the caller's use of length and return value may still provide an oracle useable for a
  Bleichenbacher-style chosen ciphertext attack, which is why the new function rsa_sec_decrypt is
  recommended.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:858-1
Released: Wed Apr 3 15:50:37 2019
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1120689,1126096
Description:

This update for libtirpc fixes the following issues:

- Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096).
- add an option to enforce connection via protocol version 2 first (bsc#1120689).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:866-1
Released: Thu Apr 4 11:24:48 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1120279,1125439
Description:

This update for apparmor fixes the following issues:

- Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439)
- allow network access and notify file creation/access (bsc#1120279)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:894-1
Released: Fri Apr 5 17:16:23 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1119414,1126327,1129753,SLE-3853,SLE-4117
Description:

This update for rpm fixes the following issues:

- This update shortens RPM changelog to after a certain cut off date (bsc#1129753)
- Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414).
- Re-add symset-table from SLE 12 (bsc#1126327).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:903-1
Released: Mon Apr 8 15:41:44 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1100396,1122729,1130045,CVE-2016-10739
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2016-10739: Fixed an improper implementation of the getaddrinfo function which could allow applications to
  incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other
  potentially dangerous substrings (bsc#1122729).

Other issue fixed:

- Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions
  while maintaining the robust mutex list due to missing compiler barriers (bsc#1130045).
- Added new Japanese Era name support (bsc#1100396).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:966-1
Released: Wed Apr 17 12:20:13 2019
Summary: Recommended update for python-rpm-macros
Type: recommended
Severity: moderate
References: 1128323
Description:

This update for python-rpm-macros fixes the following issues:

The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323)

* Add missing $ expansion on the pytest call
* Rewrite pytest and pytest_arch into Lua macros with multiple arguments.
* We should preserve existing PYTHONPATH.
* Add --ignore to pytest calls to ignore build directories.
* Actually make pytest into function to capture arguments as well
* Add pytest definitions.
* Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
* Fix an issue with epoch printing having too many \
* add epoch while printing 'Provides:'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:971-1
Released: Wed Apr 17 14:43:26 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1129346,CVE-2019-9636
Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1002-1
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1110304,1129576
Description:

This update for zlib fixes the following issues:

- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
Description:

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1105-1
Released: Tue Apr 30 12:10:58 2019
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738
Description:

This update for gcc7 fixes the following issues:

Update to gcc-7-branch head (r270528).

- Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
- Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
- Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
- Fix for s390x FP load-and-test issue. (bsc#1124644)
- Improve build reproducibility by disabling address-space randomization during build.
- Adjust gnat manual entries in the info directory. (bsc#1114592)
- Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1121-1
Released: Tue Apr 30 18:02:43 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836
Description:

This update for gnutls to version 3.6.7 fixes the following issues:

Security issues fixed:

- CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681).
- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087)

Non-security issue fixed:

- Update gnutls to support TLS 1.3 (fate#327114)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937
Description:

This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1206-1
Released: Fri May 10 14:01:55 2019
Summary: Security update for bzip2
Type: security
Severity: low
References: 985657,CVE-2016-3189
Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released: Wed May 22 12:19:12 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1096191
Description:

This update for aaa_base fixes the following issue:

* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1351-1
Released: Fri May 24 14:41:10 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1134856,CVE-2018-16868
Description:

This update for gnutls fixes the following issues:

Security issue fixed:

- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087).

Non-security issue fixed:

- Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1352-1
Released: Fri May 24 14:41:44 2019
Summary: Security update for python3
Type: security
Severity: moderate
References: 1130840,1133452,CVE-2019-9947
Description:

This update for python3 to version 3.6.8 fixes the following issues:

Security issue fixed:

- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

Non-security issue fixed:

- Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1357-1
Released: Mon May 27 13:29:15 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1135170,CVE-2019-5436
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet, which receives data from a TFTP server (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1364-1
Released: Tue May 28 10:51:38 2019
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).
Non-security issues fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type: security
Severity: important
References: 1134524,CVE-2019-5021
Description:

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654
Description:

This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1484-1
Released: Thu Jun 13 07:46:46 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1128383
Description:

This update for e2fsprogs fixes the following issues:

- Check and fix tails of all bitmap blocks (bsc#1128383)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1486-1
Released: Thu Jun 13 09:40:24 2019
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
Description:

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed a denial of service vulnerability in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1487-1
Released: Thu Jun 13 09:40:56 2019
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1111622,CVE-2018-18074
Description:

This update for python-requests to version 2.20.1 fixes the following issues:

Security issue fixed:

- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1590-1
Released: Thu Jun 20 19:49:57 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1128598
Description:

This update for permissions fixes the following issues:

- Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1594-1
Released: Fri Jun 21 10:17:15 2019
Summary: Security update for glib2
Type: security
Severity: important
References: 1103678,1137001,CVE-2019-12450
Description:

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001).
Other issue addressed:

- glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1595-1
Released: Fri Jun 21 10:17:44 2019
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1137832,CVE-2019-12749
Description:

This update for dbus-1 fixes the following issues:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1616-1
Released: Fri Jun 21 11:04:39 2019
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 1134659
Description:

This update for rpcbind fixes the following issues:

- Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659)
- Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1627-1
Released: Fri Jun 21 11:15:11 2019
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1073421,1122271,1129859
Description:

This update for xfsprogs fixes the following issues:

- xfs_repair: will now allow '/' in attribute names (bsc#1122271)
- xfs_repair: will now allow zeroing of corrupt log (bsc#1073421)
- enabled offline (unmounted) filesystem geometry queries (bsc#1129859)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1631-1
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Type: recommended
Severity: low
References: 1135709
Description:

This update for xz fixes the following issues:

Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1635-1
Released: Fri Jun 21 12:45:53 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1134217
Description:

This update for krb5 provides the following fix:

- Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1700-1
Released: Tue Jun 25 13:19:21 2019
Summary: Security update for libssh
Type: recommended
Severity: moderate
References: 1134193
Description:

This update for libssh fixes the following issue:

Issue addressed:

- Added support for new AES-GCM encryption types (bsc#1134193).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1737-1
Released: Wed Jul 3 21:12:04 2019
Summary: Recommended update for rdma-core
Type: recommended
Severity: moderate
References: 996146
Description:

This update for rdma-core fixes the following issues:

- Fix man page of mlx5dv_create_flow_action_modify_header. (bsc#996146)
- Fix libhns flush cqe in case multi-process. (bsc#996146)
- Fix ibacm: acme does not work if server_mode is not unix. (bsc#996146)
- Fix verbs: The ibv_xsrq_pingpong '-c' option is broken. (bsc#996146)
- Fix mlx5: Fix masking service level in mlx5_create_ah. (bsc#996146)
- Fix cmake: Explicitly convert build type to be STRING. (bsc#996146)
- Fix libhns: Bugfix for filtering zero length sge. (bsc#996146)
- Fix buildlib: Ensure stanza is properly sorted. (bsc#996146)
- Fix debian: Create empty pyverbs package for builds without pyverbs. (bsc#996146)
- Fix verbs: Fix attribute returning. (bsc#996146)
- Fix build: Fix pyverbs build issues on Debian. (bsc#996146)
- Fix travis: Change SuSE package target due to Travis CI failures. (bsc#996146)
- Fix verbs: Avoid inline send when using device memory in rc_pingpong. (bsc#996146)
- Fix mlx5: Use copy loop to read from device memory. (bsc#996146)
- Fix verbs: clear cmd buffer when creating indirection table. (bsc#996146)
- Fix libhns: Bugfix for using buffer length. (bsc#996146)
- Fix incorrect error handling when SQ wqe count is 0. (bsc#996146)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1808-1
Released: Wed Jul 10 13:16:29 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1133808
Description:

This update for libgcrypt fixes the following issues:

- Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed.
  bsc#1133808

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
Description:

This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1833-1
Released: Fri Jul 12 17:53:51 2019
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1139959,CVE-2019-13012
Description:

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1835-1
Released: Fri Jul 12 18:06:31 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1139937,CVE-2018-20843
Description:

This update for expat fixes the following issues:

Security issue fixed:

- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released: Mon Jul 15 11:36:33 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1853-1
Released: Mon Jul 15 16:03:36 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1107617,1137053
Description:

This update for systemd fixes the following issues:

- conf-parse: remove 4K line length limit (bsc#1137053)
- udevd: change the default value of udev.children-max (again) (bsc#1107617)
- meson: stop creating enablement symlinks in /etc during installation (sequel)
- Fixed build for openSUSE Leap 15+
- Make sure we don't ship any static enablement symlinks in /etc
  Those symlinks must only be created by the presets. There are no
  changes in practice since systemd/udev doesn't ship such symlinks in
  /etc but let's make sure no future changes will introduce new ones
  by mistake.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1869-1
Released: Wed Jul 17 14:03:20 2019
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811
Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

MozillaFirefox to version ESR 60.8:

- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).

mozilla-nss to version 3.44.1:

* Added IPSEC IKE support to softoken
* Many new FIPS test cases

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1877-1
Released: Thu Jul 18 11:31:46 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169
Description:

This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed:

- No longer compresses debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released: Thu Jul 25 14:58:52 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1138939,CVE-2019-12904
Description:

This update for libgcrypt fixes the following issues:

Security issue fixed:

- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1984-1
Released: Fri Jul 26 00:15:46 2019
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1036463,1127155,1134819,937216
Description:

This update for suse-module-tools fixes the following issues:

- Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819)
- Install sg.conf under /usr/lib/modules-load.d and avoid file conflict with systemd. (bsc#1036463)
- weak-modules2: Emit 'inconsistent' warning only if replacement fails. (bsc#1127155)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1994-1
Released: Fri Jul 26 16:12:05 2019
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1135123
Description:

This update for libxml2 fixes the following issues:

- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2004-1
Released: Mon Jul 29 13:01:59 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:

This update for bzip2 fixes the following issues:

- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2006-1
Released: Mon Jul 29 13:02:49 2019
Summary: Security update for gpg2
Type: security
Severity: important
References: 1124847,1141093,CVE-2019-13050
Description:

This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed denial of service attacks via big keys (bsc#1141093).
Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2050-1
Released: Tue Aug 6 09:42:37 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160
Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).
- CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853).

Non-security issue fixed:

- Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2085-1
Released: Wed Aug 7 13:58:43 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1135751
Description:

This update for apparmor fixes the following issues:

- Profile updates for dnsmasq, dovecot, identd, syslog-ng
- Parser: fix 'Px -> foo-bar' (the '-' was rejected before)
- Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys.
- Fix build with swig 4.0. (bsc#1135751)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2097-1
Released: Fri Aug 9 09:31:17 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: important
References: 1097073
Description:

This update for libgcrypt fixes the following issues:

- Fixed a regression where systems were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2134-1 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2142-1 Released: Wed Aug 14 18:14:04 2019 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1141322 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). 
* Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2188-1 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1140647 Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2190-1 Released: Wed Aug 21 17:00:34 2019 Summary: SUSE Enterprise Storage 6 Technical Container Preview Type: optional Severity: low References: 1145433 Description: This is a technical preview for SUSE Enterprise Storage 6. 
From sle-updates at lists.suse.com Sat Feb 1 01:36:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:36:33 +0100 (CET) Subject: SUSE-CU-2019:748-1: Security update of ses/6/ceph/ceph Message-ID: <20200201083633.26408F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:748-1 Container Tags : ses/6/ceph/ceph:14.2.2.354 , ses/6/ceph/ceph:14.2.2.354.1.5.28 , ses/6/ceph/ceph:latest Container Release : 1.5.28 Severity : important Type : security References : 1073313 1081947 1081947 1082293 1082318 1085196 1088358 1106214 1111388 1112438 1114845 1121197 1122417 1122666 1125689 1125886 1127701 1129071 1132663 1132900 1133773 1134616 1135534 1135708 1135984 1136245 1137296 1141113 1141883 1143055 1143194 1143273 1144047 1144169 1145383 1146182 1146184 1146866 1148494 1149203 1149429 1149495 1149496 1150003 1150250 1150895 1152326 353876 CVE-2017-17740 CVE-2019-11236 CVE-2019-11324 CVE-2019-13057 CVE-2019-13565 CVE-2019-14806 CVE-2019-1547 CVE-2019-1563 CVE-2019-15903 CVE-2019-5481 CVE-2019-5482 CVE-2019-6446 CVE-2019-9511 CVE-2019-9513 CVE-2019-9740 SLE-6094 SLE-8532 SLE-9132 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2218-1 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Type: recommended Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. 
(bsc#1141883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2241-1 Released: Wed Aug 28 14:58:49 2019 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1144169 Description: This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozilla was updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2306-1 Released: Thu Sep 5 14:39:23 2019 Summary: Recommended update for parted Type: recommended Severity: moderate References: 1082318,1136245 Description: This update for parted fixes the following issues: - Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245) - Installs the license file in the correct directory (bsc#1082318) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2307-1 Released: Thu Sep 5 14:45:08 2019 Summary: Security update for util-linux and shadow Type: security Severity: moderate References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876 Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197) - Fix segfault in useradd during setting password inactivity period. (bsc#1141113) - Hardening for su wrappers (bsc#353876) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2332-1 Released: Mon Sep 9 10:17:16 2019 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740 Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2361-1 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1081947,1144047 Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d.
(bsc#1081947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2365-1 Released: Thu Sep 12 11:23:31 2019 Summary: Security update for python-Werkzeug Type: security Severity: moderate References: 1145383,CVE-2019-14806 Description: This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2367-1 Released: Thu Sep 12 12:59:37 2019 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1122666,1135984,1137296 Description: This update for lvm2 fixes the following issues: - Fix unknown feature in status message (bsc#1135984) - Fix using device aliases with lvmetad (bsc#1137296) - Fix devices drop open error message (bsc#1122666) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2373-1 Released: Thu Sep 12 14:18:53 2019 Summary: Security update for curl Type: security Severity: important References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2395-1 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Type: security Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). 
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2403-1 Released: Wed Sep 18 16:14:29 2019 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2416-1 Released: Fri Sep 20 12:51:10 2019 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1148494,SLE-6094 Description: This update for suse-module-tools fixes the following issues: - Remove 'modhash' as it has moved to mokutil package. 
(jsc#SLE-6094, bsc#1148494) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2422-1 Released: Fri Sep 20 16:36:43 2019 Summary: Recommended update for python-urllib3 Type: recommended Severity: moderate References: 1150895 Description: This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2423-1 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1146866,SLE-9132 Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2429-1 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2462-1 Released: Wed Sep 25 16:43:04 2019 Summary: Security update for python-numpy Type: security Severity: moderate References: 1149203,CVE-2019-6446,SLE-8532 Description: This update for python-numpy fixes the following issues: Non-security issues fixed: - Updated to upstream version 1.16.1. 
(bsc#1149203) (jsc#SLE-8532) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2473-1 Released: Thu Sep 26 10:02:03 2019 Summary: Security update for nghttp2 Type: security Severity: moderate References: 1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513 Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Feature: Add W&S module (FATE#326776, bsc#1112438) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2483-1 Released: Fri Sep 27 14:16:23 2019 Summary: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate. Type: optional Severity: low References: 1088358 Description: This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2488-1 Released: Mon Sep 30 11:24:28 2019 Summary: Optional update for ceph Type: optional Severity: low References: 1152326 Description: This update will just be released to the codestream to align the versions (bsc#1152326) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2418-1 Released: Thu Nov 14 11:53:03 2019 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1133773,1143055 Description: This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm' - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) From sle-updates at lists.suse.com Sat Feb 1 01:36:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:36:40 +0100 (CET) Subject: SUSE-CU-2019:749-1: Security update of ses/6/ceph/ceph Message-ID: <20200201083640.98C20F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:749-1 Container Tags : ses/6/ceph/ceph:14.2.2.354 , ses/6/ceph/ceph:14.2.2.354.1.5.33 , ses/6/ceph/ceph:latest Container Release : 1.5.33 Severity : moderate Type : security References : 1082318 1128828 1142614 1150137 CVE-2019-16168 CVE-2019-9893 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2517-1 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Type: security Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2533-1 Released: Thu Oct 3 15:02:50 2019 Summary: Security update 
for sqlite3 Type: security Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). From sle-updates at lists.suse.com Sat Feb 1 01:36:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:36:51 +0100 (CET) Subject: SUSE-CU-2019:750-1: Recommended update of ses/6/ceph/ceph Message-ID: <20200201083651.5089DF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:750-1 Container Tags : ses/6/ceph/ceph:14.2.2.354 , ses/6/ceph/ceph:14.2.2.354.1.5.34 , ses/6/ceph/ceph:latest Container Release : 1.5.34 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. 
The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:37:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:37:00 +0100 (CET) Subject: SUSE-CU-2019:751-1: Security update of ses/6/ceph/ceph Message-ID: <20200201083700.7002CF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:751-1 Container Tags : ses/6/ceph/ceph:14.2.4.373 , ses/6/ceph/ceph:14.2.4.373.1.5.55 , ses/6/ceph/ceph:latest Container Release : 1.5.55 Severity : important Type : security References : 1049825 1051143 1071995 1092100 1109412 1109413 1109414 1110797 1111996 1112534 1112535 1113247 1113252 1113255 1116827 1116995 1118644 1118830 1118831 1120629 1120630 1120631 1120640 1121034 1121035 1121056 1121753 1127155 1127608 1130306 1131113 1131823 1133131 1133232 1134226 1135749 1137977 1138869 1139459 1139795 1140039 1140631 1141897 1141913 1142343 1142649 1142772 1145023 1145521 1145716 1146027 1146415 1146947 1148517 1149121 1149145 1149792 1149792 1149792 1149955 1150451 1150595 1150733 1151023 1151490 1152101 1152590 1153165 1153238 1153557 1153674 1153936 1154016 1154025 1154217 859480 CVE-2018-1000876 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-14250 CVE-2019-14287 CVE-2019-14853 CVE-2019-14859 CVE-2019-15847 CVE-2019-16056 CVE-2019-16935 CVE-2019-17543 CVE-2019-3689 CVE-2019-5094 ECO-368 PM-1350 SLE-6206 
SLE-7687 SLE-9426 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2626-1 Released: Thu Oct 10 17:22:35 2019 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1110797 Description: This update for permissions fixes the following issues: - Updated permissions for amanda. (bsc#1110797) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2645-1 Released: Fri Oct 11 17:11:23 2019 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate References: 1149792 Description: This update for python-cryptography fixes the following issues: - Adds compatibility to openSSL 1.1.1d (bsc#1149792) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2647-1 Released: Fri Oct 11 17:12:06 2019 Summary: Recommended update for python-pyOpenSSL Type: recommended Severity: moderate References: 1149792 Description: This update for python-pyOpenSSL fixes the following issues: - Adds compatibility for openSSL 1.1.1d (bsc#1149792) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2656-1 Released: Mon Oct 14 17:02:24 2019 Summary: Security update for sudo Type: security Severity: important References: 1153674,CVE-2019-14287 Description: This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2676-1 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1145716,1152101,CVE-2019-5094 Description: This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new unix I/O channel. (bsc#1145716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2693-1 Released: Wed Oct 16 16:43:30 2019 Summary: Recommended update for rpcbind Type: recommended Severity: moderate References: 1142343 Description: This update for rpcbind fixes the following issues: - Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2702-1 Released: Wed Oct 16 18:41:30 2019 Summary: Security update for gcc7 Type: security Severity: moderate References: 1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847 Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data.
(bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: don't use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch 
for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2742-1 Released: Tue Oct 22 15:40:16 2019 Summary: Recommended update for libzypp, zypper, libsolv and PackageKit Type: recommended Severity: important References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 Description: This update for libzypp, zypper, libsolv and PackageKit fixes the following issues: Security issues fixed in libsolv: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Other issues addressed in libsolv: - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Fixed an issue with the package name (bsc#1131823). 
- repo_add_rpmdb: do not copy bad solvables from the old solv file - Fixed an issue with cleandeps updates in which all packages were not updated - Experimental DISTTYPE_CONDA and REL_CONDA support - Fixed cleandeps jobs when using patterns (bsc#1137977) - Fixed favorq leaking between solver runs if the solver is reused - Fixed SOLVER_FLAG_FOCUS_BEST updating packages without reason - Be more correct with multiversion packages that obsolete their own name (bnc#1127155) - Fix repository priority handling for multiversion packages - Make code compatible with swig 4.0, remove obj0 instances - repo2solv: support zchunk compressed data - Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives Issues fixed in libzypp: - Fix empty metalink downloads if filesize is unknown (bsc#1153557) - Recognize riscv64 as architecture - Fix installation of new header file (fixes #185) - zypp.conf: Introduce `solver.focus` to define the resolver's general attitude when resolving jobs. (bsc#1146415) - New container detection algorithm for zypper ps (bsc#1146947) - Fix leaking filedescriptors in MediaCurl. (bsc#1116995) - Run file conflict check on dry-run. (bsc#1140039) - Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795) - Rephrase file conflict check summary. (bsc#1140039) - Fix bash completions option detection. (bsc#1049825) - Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521) - Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027) - PublicKey::algoName: supply key algorithm and length Issues fixed in zypper: - Update to version 1.14.30 - Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521) - Dump stacktrace on SIGPIPE (bsc#1145521) - info: The requested info must be shown in QUIET mode (fixes #287) - Fix local/remote url classification.
- Rephrase file conflict check summary (bsc#1140039) - Fix bash completions option detection (bsc#1049825) - man: split '--with[out]' like options to ease searching. - Unhid 'ps' command in help - Added option to show more conflict information - Rephrased `zypper ps` hint (bsc#859480) - Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226) - Fixed unknown package handling in zypper install (bsc#1127608) - Re-show progress bar after pressing retry upon install error (bsc#1131113) Issues fixed in PackageKit: - Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script (bsc#1130306). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2757-1 Released: Wed Oct 23 17:21:17 2019 Summary: Security update for lz4 Type: security Severity: moderate References: 1153936,CVE-2019-17543 Description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2779-1 Released: Thu Oct 24 16:57:42 2019 Summary: Security update for binutils Type: security Severity: moderate References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206 Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL 
pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. 
* The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2782-1 Released: Fri Oct 25 14:27:52 2019 Summary: Security update for nfs-utils Type: security Severity: moderate References: 1150733,CVE-2019-3689 Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. 
(bsc#1150733) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2802-1 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Type: security Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2812-1 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. 
- sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2891-1 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Type: security Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 Description: This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). 
From sle-updates at lists.suse.com Sat Feb 1 01:37:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:37:09 +0100 (CET) Subject: SUSE-CU-2019:752-1: Recommended update of ses/6/ceph/ceph Message-ID: <20200201083709.46B4EF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:752-1 Container Tags : ses/6/ceph/ceph:14.2.2.354 , ses/6/ceph/ceph:14.2.2.354.1.5.57 , ses/6/ceph/ceph:latest Container Release : 1.5.57 Severity : moderate Type : recommended References : 1151481 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2929-1 Released: Thu Nov 7 16:45:13 2019 Summary: Recommended update for python-kubernetes Type: recommended Severity: moderate References: 1151481 Description: This update for python-kubernetes fixes the following issues: - python-ipaddress is only required for building on Python2 (on Python3 is part of the standard library) - Backport fix for base64 padding in kubeconfig (bsc#1151481) From sle-updates at lists.suse.com Sat Feb 1 01:37:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:37:18 +0100 (CET) Subject: SUSE-CU-2019:753-1: Security update of ses/6/ceph/ceph Message-ID: <20200201083718.52FA3F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:753-1 Container Tags : ses/6/ceph/ceph:14.2.4.386 , ses/6/ceph/ceph:14.2.4.386.1.5.61 , ses/6/ceph/ceph:latest Container Release : 1.5.61 Severity : important Type : security References : 1103320 1132767 1134444 1135584 1137503 1140491 1141174 1145093 1145617 
1145618 1145759 1146656 1147132 1149093 1150406 1151439 1151990 1151991 1151992 1151993 1151994 1151995 1152002 1154019 1154036 1154037 1156282 CVE-2019-10222 CVE-2019-17594 CVE-2019-17595 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2980-1 Released: Thu Nov 14 22:45:33 2019 Summary: Optional update for curl Type: optional Severity: low References: 1154019 Description: This update for curl doesn't address any user visible issues. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2994-1 Released: Mon Nov 18 13:34:33 2019 Summary: Security update for ceph Type: security Severity: important References: 1132767,1134444,1135584,1137503,1140491,1141174,1145093,1145617,1145618,1145759,1146656,1147132,1149093,1150406,1151439,1151990,1151991,1151992,1151993,1151994,1151995,1152002,1156282,CVE-2019-10222 Description: This update for ceph fixes the following issues: - A previous update introduced a regression with the potential to cause RocksDB data corruption in Nautilus (bsc#1156282). - Support for iSCSI target-level CHAP authentication was added (bsc#1145617). - Implemented validation and rendering of iSCSI controls based 'type' (bsc#1140491). - Fixed an error while editing iSCSI image advanced settings (bsc#1146656). - Fixed a ceph-volume regression. SES customers were never exposed to this regression (bsc#1132767). - Fixed a denial of service vulnerability where an unauthenticated client of Ceph Object Gateway could trigger a crash from an uncaught exception (bsc#1145093, CVE-2019-10222) - Nautilus-based librbd clients could not open images on Jewel clusters (bsc#1151994). - The RGW num_rados_handles has been removed (bsc#1151995). 
- 'osd_deep_scrub_large_omap_object_key_threshold' has been lowered in Nautilus (bsc#1152002). - The ceph dashboard now supports silencing Prometheus notifications (bsc#1141174). - The no{up,down,in,out} related commands have been revamped (bsc#1151990). - Radosgw-admin got two new subcommands for managing expire-stale objects (bsc#1151991). - Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 used to break pool utilization stats reported by ceph df (bsc#1151992). - Ceph clusters will issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993). - Ceph-volume prints errors to stdout with --format json (bsc#1132767). - Changing rgw-api-host in the dashboard does not get effective without disable/enable dashboard mgr module (bsc#1137503). - Silenced Alertmanager alerts in the dashboard (bsc#1141174). - Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759) - librbd always tries to acquire exclusive lock when removing image an (bsc#1149093). Fixes in ses-manual_en: - Added a new chapter with changelogs of Ceph releases. (bsc#1135584) - Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444) - Improved name of CaaSP to its fuller version. (bsc#1151439) - Verify which OSDs are going to be removed before running stage.5. (bsc#1150406) - Added two additional steps to recovering an OSD.
(bsc#1147132) Fixes in ceph-iscsi: - Validate kernel LIO controls type and value (bsc#1140491) - TPG lun_id persistence (bsc#1145618) - Target level CHAP authentication (bsc#1145617) ceph-iscsi was updated to the upstream 3.2 release: - Always use host FQDN instead of shortname - Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). 
From sle-updates at lists.suse.com Sat Feb 1 01:37:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:37:26 +0100 (CET) Subject: SUSE-CU-2020:34-1: Security update of ses/6/ceph/ceph Message-ID: <20200201083726.DA57AF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:34-1 Container Tags : ses/6/ceph/ceph:14.2.5.380 , ses/6/ceph/ceph:14.2.5.380.1.5.100 , ses/6/ceph/ceph:latest Container Release : 1.5.100 Severity : important Type : security References : 1007715 1027282 1029377 1029902 1040164 1042670 1070853 1079761 1081750 1083507 1084934 1086001 1088004 1088009 1088573 1093414 1094814 1107030 1109663 1109847 1114592 1120644 1122191 1123919 1124556 1129346 1130840 1131817 1132337 1133452 1134365 1135254 1137131 1137132 1137227 1137942 1138459 1140504 1140601 1140879 1141203 1141322 1141853 1141897 1142152 1142649 1142654 1145231 1145554 1145571 1145756 1146415 1146475 1148360 1148498 1148517 1148987 1149121 1149145 1149203 1149511 1149792 1149955 1150734 1151490 1152755 1153238 1153351 1153876 1154230 1154295 1154871 1154884 1154887 1155045 1155199 1155338 1155339 1155346 1155407 1155463 1155655 1155668 1155950 1156571 1157198 1157278 1157438 1157611 1157775 1157891 1158095 1158095 1158101 1158120 1158527 1158809 1158923 1158925 1158926 1158927 1158929 1158930 1158931 1158932 1158933 1159035 1159622 1159819 1159989 1160920 637176 658604 673071 709442 743787 747125 751718 754447 754677 787526 809831 831629 834601 871152 885662 885882 917607 942751 951166 983582 984751 985177 985348 989523 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-18508 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 
CVE-2019-11745 CVE-2019-12290 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1551 CVE-2019-15847 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-17006 CVE-2019-18224 CVE-2019-3688 CVE-2019-3690 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947 SLE-6533 SLE-6536 SLE-8532 SLE-8789 SLE-9171 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3010-1 Released: Tue Nov 19 18:10:58 2019 Summary: Recommended update for zypper and libsolv Type: recommended Severity: moderate References: 1145554,1146415,1149511,1153351,SLE-9171 Description: This update for zypper and libsolv fixes the following issues: Package: zypper - Improved the documentation of $releasever and --releasever use cases (bsc#1149511) - zypper will now ask only once when multiple packages share the same license text (bsc#1145554) - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351) - Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171) Package: libsolv - Fixes issues when updating too many packages in focusbest mode - Fixes the handling of disabled and installed packages in distupgrade ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3040-1 Released: Fri Nov 22 11:59:52 2019 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1145231 Description: This update for lvm2 fixes the following issues: - Adds a fix to detect MD devices by LVM2 with metadata=1.0/0.9 (bsc#1145231) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25
17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3070-1 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Type: recommended Severity: low References: 1152755 Description: This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. 
(bsc#1152755) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. 
(bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3167-1 Released: Wed Dec 4 11:27:35 2019 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1142152 Description: This update for suse-module-tools fixes the following issues: - Add dependency of papr_scm on libnvdimm in the initrd image. (bsc#1142152, ltc#176292, FATE#327775). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3172-1 Released: Wed Dec 4 11:46:44 2019 Summary: Recommended update for libstoragemgmt Type: recommended Severity: moderate References: 1155407 Description: This update for libstoragemgmt ships two new sub-packages (fate#327790 bsc#1155407): - libstoragemgmt-hpsa-plugin: HP SmartArray plugin. - libstoragemgmt-megaraid-plugin: LSI MegaRaid plugin. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3181-1 Released: Thu Dec 5 11:43:07 2019 Summary: Security update for permissions Type: security Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 Description: This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused a segmentation fault (bsc#1157198).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3343-1 Released: Thu Dec 19 11:05:27 2019 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1155668 Description: This update for lvm2 fixes the following issues: - Fix seeing a 90 Second delay during shutdown and reboot. (bsc#1155668) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3374-1 Released: Fri Dec 20 10:39:16 2019 Summary: Recommended update for python-CherryPy Type: recommended Severity: moderate References: 1158120 Description: This update for python-CherryPy fixes the following issues: - Add compatibility to make tests pass with the recent versions of Python with fixed http.client.HTTPConnection.putrequest(). (bsc#1158120, jsc#PM-1350) - Run spec-cleaner on the SPEC file. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3395-1 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Type: security Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:9-1 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1157438 Description: This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. 
(bsc#1157438) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:10-1 Released: Thu Jan 2 12:35:06 2020 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1146475 Description: This update for gcc7 fixes the following issues: - Fix miscompilation with thread-safe localstatic initialization (gcc#85887). - Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:22-1 Released: Tue Jan 7 12:39:59 2020 Summary: Recommended update for python-numpy Type: recommended Severity: moderate References: 1149203,SLE-8532 Description: This update for python-numpy fixes the following issues: - Add new random module including selectable random number generators: MT19937, PCG64, Philox and SFC64 (bsc#1149203) - NumPy's FFT implementation was changed from fftpack to pocketfft, resulting in faster, more accurate transforms and better handling of datasets of prime length. (bsc#1149203) - New radix sort and timsort sorting methods. (bsc#1149203) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:27-1 Released: Tue Jan 7 14:47:07 2020 Summary: Recommended update for rdma-core Type: recommended Severity: moderate References: 1137131,1137132,1140601,1157891 Description: This update for rdma-core fixes the following issues: - Add Broadcom fixes for libbnxtre. (bsc#1157891) - Disable libmlx dependencies for libibverbs on s390x 32 bits. (bsc#1140601) - Fix baselibs configuration removing conflict with -32b and older (early rdma-core) libraries. - Add missing Obsoletes/Conflicts/Provides to handle updates from SP2. 
(bsc#1137131, bsc#1137132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:36-1 Released: Wed Jan 8 10:26:46 2020 Summary: Recommended update for python-pyOpenSSL Type: recommended Severity: low References: 1159989 Description: This update fixes the build of python-pyOpenSSL in 2020 (bsc#1159989). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:69-1 Released: Fri Jan 10 12:33:59 2020 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:114-1 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Type: security Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:160-1 Released: Wed Jan 22 13:18:10 2020 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1124556,1131817,1132337,1134365,1137227,1140504,1140879,1141203,1145571,1145756,1148360,1148498,1153876,1154230,1155045,1155463,1155655,1155950,1156571,1157611,1158923,1158925,1158926,1158927,1158929,1158930,1158931,1158932,1158933,1160920 Description: This update for ceph fixes the following issues: Update to 14.2.5-371-g3551250731: + upstream Nautilus 14.2.5 point release, see https://ceph.io/releases/v14-2-5-nautilus-released/ * health warnings will be issued if daemons have recently crashed (bsc#1158923) * pg_num must be a power of two, otherwise HEALTH_WARN (bsc#1158925) * pool size must be > 1, otherwise HEALTH_WARN (bsc#1158926) * health warning if average OSD heartbeat ping time exceeds threshold (bsc#1158927) * changes in the telemetry MGR module (bsc#1158929) * new OSD daemon command dump_recovery_reservations (bsc#1158930) * new OSD daemon command dump_scrub_reservations (bsc#1158931) * RGW now supports S3 Object Lock set of APIs (bsc#1158932) * RGW now supports List Objects V2 (bsc#1158933) + mon: keep v1 address type when explicitly (bsc#1140879) + doc: mention --namespace option in rados manpage (bsc#1157611) + mgr/dashboard: Remove env_build from e2e:ci + ceph-volume: check if we run in an selinux environment + qa/dashboard_e2e_tests.sh: Automatically use correct chromedriver version (bsc#1155950) Update to 14.2.4-1283-g9ab65f8799: + rebase on tip of upstream nautilus, SHA1 9989c20373e2294b7479ec4bd6ac5cce80b01645 * rgw: add S3 object lock feature to support object worm (jsc#SES-582) * os/bluestore: apply garbage collection against excessive blob count growth (bsc#1124556) * doc: update bluestore cache settings and clarify data fraction (bsc#1131817) * mgr/dashboard: Allow the decrease of pg's of an existing pool (bsc#1132337) * core: 
Improve health status for backfill_toofull and recovery_toofull and fix backfill_toofull seen on cluster where the most full OSD is at 1% (bsc#1134365) * mgr/dashboard: Set RO as the default access_type for RGW NFS exports (bsc#1137227) * mgr/dashboard: Allow disabling redirection on standby Dashboards (bsc#1140504) * rgw: dns name is not case sensitive (bsc#1141203) * os/bluestore: shallow fsck mode and legacy statfs auto repair (bsc#1145571) * mgr/dashboard: Display WWN and LUN number in iSCSI target details (bsc#1145756) * mgr/dashboard: access_control: add grafana scope read access to *-manager roles (bsc#1148360) * mgr/dashboard: internationalization support with AOT enabled (bsc#1148498) * mgr/dashboard: Fix data point alignment in MDS counters chart (bsc#1153876) * mgr/balancer: python3 compatibility issue (bsc#1154230) * mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking (bsc#1155045) * mgr/{dashboard,prometheus}: return FQDN instead of '0.0.0.0' (bsc#1155463) * core: Improve health status for backfill_toofull and recovery_toofull and fix backfill_toofull seen on cluster where the most full OSD is at 1% (bsc#1155655) * mon: ensure prepare_failure() marks no_reply on op (bsc#1156571) + mgr/dashboard: Automatically use correct chromedriver version + Revert 'rgw_file: introduce fast S3 Unix stats (immutable)' because it is incompatible with NFS-Ganesha 2.8 + include hotfix from upstream v14.2.6 release (bsc#1160920): * mon/PGMap.h: disable network stats in dump_osd_stats * osd_stat_t::dump: Add option for ceph-mgr python callers to skip ping network From sle-updates at lists.suse.com Sat Feb 1 01:37:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:37:36 +0100 (CET) Subject: SUSE-CU-2020:35-1: Security update of ses/6/ceph/ceph Message-ID: <20200201083736.1A9C9F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:35-1 Container Tags : ses/6/ceph/ceph:14.2.5.382 , ses/6/ceph/ceph:14.2.5.382.1.5.108 , ses/6/ceph/ceph:latest Container Release : 1.5.108 Severity : moderate Type : security References : 1013125 1149332 1151582 1157292 1157794 1157893 1158830 1158996 1160571 1160970 1161074 1161312 CVE-2019-19126 CVE-2019-5188 CVE-2020-1699 CVE-2020-1700 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:262-1 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). 
Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if the search string crosses a page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:297-1 Released: Fri Jan 31 17:24:13 2020 Summary: Security update for ceph Type: security Severity: moderate References: 1161074,1161312,CVE-2020-1699,CVE-2020-1700 Description: This update for ceph fixes the following issues: - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage (bsc#1161312). - CVE-2020-1699: Fixed an information disclosure by improper URL checking (bsc#1161074).
From sle-updates at lists.suse.com Sat Feb 1 01:37:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:37:53 +0100 (CET) Subject: SUSE-CU-2019:754-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083753.5244FF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:754-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.29 , ses/6/rook/ceph:latest Container Release : 1.5.29 Severity : low Type : recommended References : 1151479 1151909 1152008 ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2448-1 Released: Tue Sep 24 13:32:01 2019 Summary: Recommended update for rook Type: recommended Severity: low References: 1151479 Description: This is a Technical Preview update for rook. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2489-1 Released: Mon Sep 30 12:04:42 2019 Summary: SUSE Enterprise Storage 6 Technical Container Preview Type: optional Severity: low References: 1151909,1152008 Description: This is a technical preview for SUSE Enterprise Storage 6. 
From sle-updates at lists.suse.com Sat Feb 1 01:38:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:00 +0100 (CET) Subject: SUSE-CU-2019:755-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083800.30244F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:755-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.34 , ses/6/rook/ceph:latest Container Release : 1.5.34 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:38:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:07 +0100 (CET) Subject: SUSE-CU-2019:756-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083807.73B3FF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:756-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.36 , ses/6/rook/ceph:latest Container Release : 1.5.36 Severity : moderate Type : recommended References : 1152559 1152690 ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2564-1 Released: Fri Oct 4 15:52:57 2019 Summary: Recommended update for rook Type: recommended Severity: moderate References: 1152559,1152690 Description: This update for rook fixes the following issues: - Enforces the use of the ceph kernel client driver (bsc#1152690) - Fixes an issue where rook has used the wrong version number (bsc#1152559) From sle-updates at lists.suse.com Sat Feb 1 01:38:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:15 +0100 (CET) Subject: SUSE-CU-2019:757-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083815.62C79F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:757-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.57 , ses/6/rook/ceph:latest Container Release : 1.5.57 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. 
The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:38:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:23 +0100 (CET) Subject: SUSE-CU-2019:758-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083823.EAD9DF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:758-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.59 , ses/6/rook/ceph:latest Container Release : 1.5.59 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:38:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:31 +0100 (CET) Subject: SUSE-CU-2019:759-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083831.B26E1F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:759-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.63 , ses/6/rook/ceph:latest Container Release : 1.5.63 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. 
The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:38:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:40 +0100 (CET) Subject: SUSE-CU-2020:36-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083840.3549BF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:36-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.102 , ses/6/rook/ceph:latest Container Release : 1.5.102 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:38:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:38:51 +0100 (CET) Subject: SUSE-CU-2020:37-1: Recommended update of ses/6/rook/ceph Message-ID: <20200201083851.0BABAF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:37-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.110 , ses/6/rook/ceph:latest Container Release : 1.5.110 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. 
The following patches have been included in this update: From sle-updates at lists.suse.com Sat Feb 1 01:39:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:39:01 +0100 (CET) Subject: SUSE-CU-2019:760-1: Security update of ses/6/rook/ceph Message-ID: <20200201083901.E8F3BF798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:760-1 Container Tags : ses/6/rook/ceph:1.0.0.1862 , ses/6/rook/ceph:1.0.0.1862.1.5.2 , ses/6/rook/ceph:latest Container Release : 1.5.2 Severity : important Type : security References :
----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1223-1 Released: Tue Jun 26 11:41:00 2018 Summary: Security update for gpg2 Type: security Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1264-1 Released: Tue Jul 3 10:56:12 2018 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1086367 Description: This update for curl provides the following fix: - Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. (bsc#1086367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1327-1 Released: Tue Jul 17 08:07:24 2018 Summary: Security update for perl Type: security Severity: moderate References: 1096718,CVE-2018-12015 Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1334-1 Released: Tue Jul 17 09:06:41 2018 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1096515 Description: This update for mozilla-nss provides the following fixes: - Update to NSS 3.36.4 required by Firefox 60.0.2. 
(bsc#1096515) - Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Use relro linker option. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1346-1 Released: Thu Jul 19 09:25:08 2018 Summary: Security update for glibc Type: security Severity: moderate References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237 Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1353-1 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed a couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).
Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1362-1 Released: Thu Jul 19 12:47:33 2018 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1100415 Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1396-1 Released: Thu Jul 26 16:23:09 2018 Summary: Security update for rpm Type: security Severity: moderate References: 1094735,1095148,943457,CVE-2017-7500 Description: This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1409-1 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. 
- install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1685-1 Released: Fri Aug 17 18:20:58 2018 Summary: Security update for curl Type: security Severity: moderate References: 1099793,CVE-2018-0500 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1754-1 Released: Fri Aug 24 16:40:21 2018 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1104780 Description: This update for ca-certificates-mozilla fixes the following issues: Updated to the 2.26 state of the Mozilla NSS Certificate store. 
(bsc#1104780) - removed server auth rights from following CAs: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - removed CA - ComSign CA - new CA added: - GlobalSign ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1760-1 Released: Fri Aug 24 17:14:53 2018 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1072183 Description: This update for libtirpc fixes the following issues: - rpcinfo: send RPC getport call as specified via parameter (bsc#1072183) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1775-1 Released: Tue Aug 28 12:40:50 2018 Summary: Recommended update for xfsprogs Type: recommended Severity: important References: 1089777,1105396 Description: This update for xfsprogs fixes the following issues: - avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777) - repair: shift inode back into place if corrupted by bad log replay (bsc#1105396). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1887-1 Released: Wed Sep 12 12:34:28 2018 Summary: Recommended update for python-websocket-client Type: recommended Severity: moderate References: 1076519 Description: This update for python-websocket-client fixes the following issues: - Use systems ca bundle file by default. 
(bsc#1076519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1904-1 Released: Fri Sep 14 12:46:39 2018 Summary: Security update for curl Type: security Severity: moderate References: 1086367,1106019,CVE-2018-14618 Description: This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1999-1 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2055-1 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1089640 Description: This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. 
(bsc#1089640)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2070-1
Released: Fri Sep 28 08:02:02 2018
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Description:

This update for gnutls fixes the following security issues:

- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2083-1
Released: Sun Sep 30 14:06:33 2018
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1097158,1101470,CVE-2018-0732
Description:

This update for openssl-1_1 to 1.1.0i fixes the following issues:

These security issues were fixed:

- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Make problematic ECDSA sign addition length-invariant
- Add blinding to ECDSA and DSA signatures to protect against side channel attacks

These non-security issues were fixed:

- When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases.
- Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed.
- Fixed a text canonicalisation bug in CMS
- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2138-1
Released: Thu Oct 4 15:52:15 2018
Summary: Recommended update for sudo
Type: recommended
Severity: low
References: 1097643
Description:

This update for sudo fixes the following issues:

- fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2155-1
Released: Fri Oct 5 14:41:17 2018
Summary: Recommended update for ca-certificates
Type: recommended
Severity: moderate
References: 1101470
Description:

This update for ca-certificates fixes the following issues:

- Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2170-1
Released: Mon Oct 8 10:31:14 2018
Summary: Recommended update for python3
Type: recommended
Severity: moderate
References: 1107030
Description:

This update for python3 fixes the following issues:

- Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2177-1
Released: Tue Oct 9 09:00:13 2018
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1095661,1095670,1100488
Description:

This update for bash provides the following fixes:

- Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661)
- Make the generation of bash.html reproducible.
(bsc#1100488)
- Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670)
- Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes.
- Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler.
- Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence.
- Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2182-1
Released: Tue Oct 9 11:08:36 2018
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251
Description:

This update for libxml2 fixes the following security issues:

- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2340-1
Released: Fri Oct 19 16:05:53 2018
Summary: Security update for fuse
Type: security
Severity: moderate
References: 1101797,CVE-2018-10906
Description:

This update for fuse
fixes the following issues:

- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2346-1
Released: Mon Oct 22 09:40:46 2018
Summary: Recommended update for logrotate
Type: recommended
Severity: moderate
References: 1093617
Description:

This update for logrotate provides the following fix:

- Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2370-1
Released: Mon Oct 22 14:02:01 2018
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1102310,1104531
Description:

This update for aaa_base provides the following fixes:

- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2430-1
Released: Wed Oct 24 13:05:18 2018
Summary: Security update for python-cryptography
Type: security
Severity: moderate
References: 1101820,CVE-2018-10903
Description:

This update for python-cryptography fixes the following issues:

- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length.
If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2454-1
Released: Thu Oct 25 11:19:46 2018
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1110435
Description:

This update for python-pyOpenSSL fixes the following issues:

- Handle duplicate certificate addition using X509_STORE_add_cert so it works after upgrading to openssl 1.1.1. (bsc#1110435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
Description:

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2485-1
Released: Fri Oct 26 12:38:01 2018
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1112928
Description:

This update for kmod provides the following fixes:

- Allow 'modprobe -c' to print the status of 'allow_unsupported_modules' option.
(bsc#1112928)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2486-1
Released: Fri Oct 26 12:38:27 2018
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1105068
Description:

This update for xfsprogs fixes the following issues:

- Explicitly disable systemd unit files for scrub (bsc#1105068).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2487-1
Released: Fri Oct 26 12:39:07 2018
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1102526
Description:

This update for glibc fixes the following issues:

- Fix build on aarch64 with binutils newer than 2.30.
- Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2539-1
Released: Tue Oct 30 16:17:23 2018
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1113100
Description:

This update for rpm fixes the following issues:

- On PowerPC64 fix the superfluous TOC.
dependency (bsc#1113100)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
Description:

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1110700
Description:

This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2578-1
Released: Mon Nov 5 17:55:35 2018
Summary: Security update for curl
Type: security
Severity: moderate
References: 1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842
Description:

This update for curl fixes the following issues:

- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2595-1
Released: Wed Nov 7 11:14:42 2018
Summary: Security update for systemd
Type: security
Severity: important
References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer
overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665)

Non security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if 'missing ok' (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer (#7329)
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing 'continue' statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the emergency shell
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- install: drop left-over debug message (#6913)
- Ship systemd-sysv-install helper via the main package
  This script was part
  of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SysV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)
- man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
- systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)
- core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)
- Enable or disable machines.target according to the presets (bsc#1107941)
- cryptsetup: add support for sector-size= option (fate#325697)
- nspawn: always use permission mode 555 for /sys (bsc#1107640)
- Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)
- Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)
- Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)
- No longer adjusts qgroups on existing subvolumes (bsc#1093753)
- cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Type: recommended
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.

The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.

Various optimizers have been improved in GCC 8, several bugs have been fixed, quite a few new warnings have been added, and error pin-pointing and fix suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:

https://gcc.gnu.org/gcc-8/changes.html

Also changes needed or common pitfalls when porting software are described on:

https://gcc.gnu.org/gcc-8/porting_to.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2641-1
Released: Mon Nov 12 20:39:30 2018
Summary: Recommended update for nfsidmap
Type: recommended
Severity: moderate
References: 1098217
Description:

This update for nfsidmap fixes the following issues:

- Improve support for SAMBA with Active Directory. (bsc#1098217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2644-1
Released: Mon Nov 12 20:40:15 2018
Summary: Recommended update for glib2-branding
Type: recommended
Severity: low
References: 1097595
Description:

This update for glib2-branding provides the following fix:

- Recommend sound-theme-freedesktop on SLE. (bsc#1097595)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2742-1
Released: Thu Nov 22 13:28:36 2018
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 969953
Description:

This update for rpcbind fixes the following issues:

- Fix tool stack buffer overflow aborting (bsc#969953)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2744-1
Released: Thu Nov 22 14:30:38 2018
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:

This update for apparmor fixes the following issues:

- allow dnsmasq to open logfiles (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2780-1
Released: Mon Nov 26 17:46:10 2018
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429
Description:

This update for glib2 fixes the following
issues:

Security issues fixed:

- CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116).

Non-security issue fixed:

- various GVariant parsing issues have been resolved (bsc#1111499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
Description:

This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Type: security
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:

This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2873-1
Released: Fri Dec 7 13:27:36 2018
Summary: Recommended update for python-cffi
Type: recommended
Severity: moderate
References: 1111657
Description:

This update for python-cffi fixes the following issues:

- Fix the testsuite of python-cffi like upstream to solve corruption at build (bsc#1111657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2961-1
Released: Mon Dec 17 19:51:40 2018
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1098697,1112780
Description:

This update for psmisc provides the following fix:

- Make the fuser option -m work even with mountinfo. (bsc#1098697)
- Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2984-1
Released: Wed Dec 19 11:32:39 2018
Summary: Security update for perl
Type: security
Severity: moderate
References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314
Description:

This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
- CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675).
- CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681).
- CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2986-1
Released: Wed Dec 19 13:53:22 2018
Summary: Security update for libnettle
Type: security
Severity: moderate
References: 1118086,CVE-2018-16869
Description:

This update for libnettle fixes the following issues:

Security issues fixed:

- CVE-2018-16869: Fixed a leaky data conversion exposing a Manger oracle (bsc#1118086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:3044-1
Released: Fri Dec 21 18:47:21 2018
Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Type: security
Severity: important
References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498
Description:

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random.
(bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

- Update mozilla-nspr to 4.20 (bsc#1119105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:6-1
Released: Wed Jan 2 20:25:25 2019
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1099119,1099192
Description:

GCC 7 was updated to the GCC 7.4 release.

- Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
- Includes fix for build with ISL 0.20.
- Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
- Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
- Fixes support for 32bit ASAN with glibc 2.27+

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:23-1
Released: Mon Jan 7 16:30:33 2019
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1120346,CVE-2018-1000858
Description:

This update for gpg2 fixes the following issue:

Security issue fixed:

- CVE-2018-1000858: Fixed a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
Description:

This update for acl fixes the following issues:

- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes.
(bsc#953659)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:56-1
Released: Thu Jan 10 15:04:46 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:

This update for apparmor fixes the following issues:

- Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:62-1
Released: Thu Jan 10 20:30:58 2019
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1119063
Description:

This update for xfsprogs fixes the following issues:

- Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:91-1
Released: Tue Jan 15 14:14:43 2019
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1090767,1121045,1121207
Description:

This update for mozilla-nss fixes the following issues:

- The hmac packages used in FIPS certification, inadvertently removed in the last update, were re-added. (bsc#1121207)
- Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
Description:

This update for timezone fixes the following issues:

- Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:137-1
Released: Mon Jan 21 15:52:45 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954
Description:

This update for systemd provides the following fixes:

Security issues fixed:

- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

Non-security issues fixed:

- pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
- systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
- systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
- Fixed installation issue with /etc/machine-id during update (bsc#1117063)
- btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- udev: Downgrade message when setting inotify watch up fails. (bsc#1005023)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment.
  The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:147-1
Released: Wed Jan 23 17:57:31 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1121446
Description:

This update for ca-certificates-mozilla fixes the following issues:

The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446)

Removed Root CAs:

- AC Raiz Certicamara S.A.
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- Visa eCommerce Root

Added Root CAs:

- Certigna Root CA (email and server auth)
- GTS Root R1 (server auth)
- GTS Root R2 (server auth)
- GTS Root R3 (server auth)
- GTS Root R4 (server auth)
- OISTE WISeKey Global Root GC CA (email and server auth)
- UCA Extended Validation Root (server auth)
- UCA Global G2 Root (email and server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:151-1
Released: Wed Jan 23 17:58:59 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472
Description:

This update for apparmor fixes the following issues:

- Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354)
- allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499)
- dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

Update to AppArmor 2.12.2:

- add profile
names to most profiles
- update dnsmasq profile (pid file and logfile path) (bsc#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog

Update to AppArmor 2.12.1:

- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- add support for conditional includes ('include if exists')
- ignore 'abi' rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from the main profile
- several bugfixes (including bsc#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:170-1
Released: Fri Jan 25 13:43:29 2019
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1118629
Description:

This update for kmod fixes the following issues:

- Fixes module dependency file corruption on parallel invocation (bsc#1118629).
- Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:189-1
Released: Mon Jan 28 14:14:46 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
Description:

This update for rpm fixes the following issues:

- Add kmod(module) provides to kernel and KMPs (fate#326579).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:215-1
Released: Thu Jan 31 15:59:57 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010
Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
- CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT (bsc#1120644)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:247-1
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1123043,CVE-2019-6706
Description:

This update for lua53 fixes the following issues:

Security issue fixed:

- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:248-1
Released: Wed Feb 6 08:35:20 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823
Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
- CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
- CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:251-1
Released: Wed Feb 6 11:22:43 2019
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1090047
Description:

This update for glib2 provides the following fix:

- Enable systemtap. (fate#326393, bsc#1090047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:273-1
Released: Wed Feb 6 16:48:18 2019
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

Security issues fixed:

- CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983).
- CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983).
- CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983).
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069).

Non-security issue fixed:

- Update to MozillaFirefox ESR 60.5.0
- Update to mozilla-nss 3.41.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:369-1
Released: Wed Feb 13 14:01:42 2019
Summary: Recommended update for itstool
Type: recommended
Severity: moderate
References: 1065270,1111019
Description:

This update for itstool and python-libxml2-python fixes the following issues:

Package: itstool

- Updated version to support Python3. (bnc#1111019)

Package: python-libxml2-python

- Fix segfault when parsing invalid data. (bsc#1065270)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:418-1
Released: Sat Feb 16 11:33:57 2019
Summary: Security update for python-numpy
Type: security
Severity: important
References: 1122208,CVE-2019-6446
Description:

This update for python-numpy fixes the following issue:

Security issue fixed:

- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208).

With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show up when allow_pickle is not explicitly set.

NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:426-1
Released: Mon Feb 18 17:46:55 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454
Description:

This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceed
- automount: don't pass non-blocking pipe to kernel.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:532-1
Released: Fri Mar 1 13:47:29 2019
Summary: Recommended update for console-setup, kbd
Type: recommended
Severity: moderate
References: 1122361
Description:

This update for console-setup and kbd provides the following fix:

- Fix Shift-Tab mapping. (bsc#1122361)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:

This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:577-1
Released: Mon Mar 11 12:03:49 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1123820,1127073
Description:

This update for apparmor fixes the following issues:

- apparmor prevents libvirtd from starting (bsc#1127073)
- Start apparmor after filesystem remount (bsc#1123820)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:641-1
Released: Tue Mar 19 13:17:28 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1112570,1114984,1114993
Description:

This update for glibc provides the following fixes:

- Fix Haswell CPU string flags. (bsc#1114984)
- Fix waiters-after-spinning case. (bsc#1114993)
- Do not relocate absolute symbols. (bsc#1112570)
- Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551)
- Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962)
- Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:664-1
Released: Wed Mar 20 14:54:12 2019
Summary: Recommended update for gpgme
Type: recommended
Severity: low
References: 1121051
Description:

This update for gpgme provides the following fix:

- Re-generate keys in Qt tests to not expire. (bsc#1121051)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:700-1
Released: Thu Mar 21 19:54:00 2019
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1044840
Description:

This update for cyrus-sasl provides the following fix:

- Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'.
  By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:713-1
Released: Fri Mar 22 15:55:05 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1063675,1126590
Description:

This update for glibc fixes the following issues:

- Add MAP_SYNC from Linux 4.15 (bsc#1126590)
- Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590)
- nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:732-1
Released: Mon Mar 25 14:10:04 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1088524,1118364,1128246
Description:

This update for aaa_base fixes the following issues:

- Restore old position of ssh/sudo source of profile (bsc#1118364).
- Update logic for JRE_HOME env variable (bsc#1128246)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346
Description:

This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed:

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Release notes: https://www.sqlite.org/releaselog/3_27_2.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
Description:

This update for timezone fixes the following issues:

timezone was updated to 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:791-1
Released: Thu Mar 28 12:06:50 2019
Summary: Security update for libnettle
Type: recommended
Severity: moderate
References: 1129598
Description:

This update for libnettle to version 3.4.1 fixes the following issues:

Issues addressed and new features:

- Updated to 3.4.1 (fate#327114 and bsc#1129598)
- Fixed missing break statements in the parsing of PEM input files in pkcs1-conv.
- Fixed a link error on the pss-mgf1-test which was affecting builds without public key support.
- All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption.
- Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle usable for a Bleichenbacher-style chosen ciphertext attack, which is why the new function rsa_sec_decrypt is recommended.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:858-1
Released: Wed Apr 3 15:50:37 2019
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1120689,1126096
Description:

This update for libtirpc fixes the following issues:

- Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096).
- add an option to enforce connection via protocol version 2 first (bsc#1120689).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:866-1
Released: Thu Apr 4 11:24:48 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1120279,1125439
Description:

This update for apparmor fixes the following issues:

- Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439)
- allow network access and notify file creation/access (bsc#1120279)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:894-1
Released: Fri Apr 5 17:16:23 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1119414,1126327,1129753,SLE-3853,SLE-4117
Description:

This update for rpm fixes the following issues:

- This update shortens RPM changelog to after a certain cut off date (bsc#1129753)
- Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414).
- Re-add symset-table from SLE 12 (bsc#1126327).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:903-1
Released: Mon Apr 8 15:41:44 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1100396,1122729,1130045,CVE-2016-10739
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2016-10739: Fixed an improper implementation of the getaddrinfo function which could allow applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).

Other issue fixed:

- Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintaining the robust mutex list due to missing compiler barriers (bsc#1130045).
- Added new Japanese Era name support (bsc#1100396).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:966-1
Released: Wed Apr 17 12:20:13 2019
Summary: Recommended update for python-rpm-macros
Type: recommended
Severity: moderate
References: 1128323
Description:

This update for python-rpm-macros fixes the following issues:

The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323)

* Add missing $ expansion on the pytest call
* Rewrite pytest and pytest_arch into Lua macros with multiple arguments.
* We should preserve existing PYTHONPATH.
* Add --ignore to pytest calls to ignore build directories.
* Actually make pytest into function to capture arguments as well
* Add pytest definitions.
* Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
* Fix an issue with epoch printing having too many \
* add epoch while printing 'Provides:'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:971-1
Released: Wed Apr 17 14:43:26 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1129346,CVE-2019-9636
Description:

This update for python3 fixes the following issues:

Security issue fixed:

- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1002-1
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1110304,1129576
Description:

This update for zlib fixes the following issues:

- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
Description:

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1105-1
Released: Tue Apr 30 12:10:58 2019
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738
Description:

This update for gcc7 fixes the following issues:

Update to gcc-7-branch head (r270528).

- Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
- Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
- Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
- Fix for s390x FP load-and-test issue. (bsc#1124644)
- Improve build reproducibility by disabling address-space randomization during build.
- Adjust gnat manual entries in the info directory. (bsc#1114592)
- Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1121-1
Released: Tue Apr 30 18:02:43 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836
Description:

This update for gnutls to version 3.6.7 fixes the following issues:

Security issues fixed:

- CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681).
- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087)

Non-security issue fixed:

- Update gnutls to support TLS 1.3 (fate#327114)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937
Description:

This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1206-1
Released: Fri May 10 14:01:55 2019
Summary: Security update for bzip2
Type: security
Severity: low
References: 985657,CVE-2016-3189
Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released: Wed May 22 12:19:12 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1096191
Description:

This update for aaa_base fixes the following issue:

* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1351-1
Released: Fri May 24 14:41:10 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1134856,CVE-2018-16868
Description:

This update for gnutls fixes the following issues:

Security issue fixed:

- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087).

Non-security issue fixed:

- Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1352-1
Released: Fri May 24 14:41:44 2019
Summary: Security update for python3
Type: security
Severity: moderate
References: 1130840,1133452,CVE-2019-9947
Description:

This update for python3 to version 3.6.8 fixes the following issues:

Security issue fixed:

- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

Non-security issue fixed:

- Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1357-1
Released: Mon May 27 13:29:15 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1135170,CVE-2019-5436
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1364-1
Released: Tue May 28 10:51:38 2019
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issues fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type: security
Severity: important
References: 1134524,CVE-2019-5021
Description:

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654
Description:

This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1484-1
Released: Thu Jun 13 07:46:46 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1128383
Description:

This update for e2fsprogs fixes the following issues:

- Check and fix tails of all bitmap blocks (bsc#1128383)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1486-1
Released: Thu Jun 13 09:40:24 2019
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
Description:

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed a denial of service vulnerability in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1487-1
Released: Thu Jun 13 09:40:56 2019
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1111622,CVE-2018-18074
Description:

This update for python-requests to version 2.20.1 fixes the following issues:

Security issue fixed:

- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1590-1
Released: Thu Jun 20 19:49:57 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1128598
Description:

This update for permissions fixes the following issues:

- Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1594-1
Released: Fri Jun 21 10:17:15 2019
Summary: Security update for glib2
Type: security
Severity: important
References: 1103678,1137001,CVE-2019-12450
Description:

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001).

Other issue addressed:

- glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1595-1
Released: Fri Jun 21 10:17:44 2019
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1137832,CVE-2019-12749
Description:

This update for dbus-1 fixes the following issues:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1616-1
Released: Fri Jun 21 11:04:39 2019
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 1134659
Description:

This update for rpcbind fixes the following issues:

- Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659)
- Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1627-1
Released: Fri Jun 21 11:15:11 2019
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1073421,1122271,1129859
Description:

This update for xfsprogs fixes the following issues:

- xfs_repair: will now allow '/' in attribute names (bsc#1122271)
- xfs_repair: will now allow zeroing of corrupt log (bsc#1073421)
- enabled offline (unmounted) filesystem geometry queries (bsc#1129859)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1631-1
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Type: recommended
Severity: low
References: 1135709
Description:

This update for xz fixes the following issues:

Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1635-1
Released: Fri Jun 21 12:45:53 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1134217
Description:

This update for krb5 provides the following fix:

- Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1700-1
Released: Tue Jun 25 13:19:21 2019
Summary: Security update for libssh
Type: recommended
Severity: moderate
References: 1134193
Description:

This update for libssh fixes the following issue:

Issue addressed:

- Added support for new AES-GCM encryption types (bsc#1134193).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1737-1
Released: Wed Jul 3 21:12:04 2019
Summary: Recommended update for rdma-core
Type: recommended
Severity: moderate
References: 996146
Description:
This update for rdma-core fixes the following issues:
- Fix man page of mlx5dv_create_flow_action_modify_header. (bsc#996146)
- Fix libhns flush cqe in case multi-process. (bsc#996146)
- Fix ibacm: acme does not work if server_mode is not unix. (bsc#996146)
- Fix verbs: The ibv_xsrq_pingpong '-c' option is broken. (bsc#996146)
- Fix mlx5: Fix masking service level in mlx5_create_ah. (bsc#996146)
- Fix cmake: Explicitly convert build type to be STRING. (bsc#996146)
- Fix libhns: Bugfix for filtering zero length sge. (bsc#996146)
- Fix buildlib: Ensure stanza is properly sorted. (bsc#996146)
- Fix debian: Create empty pyverbs package for builds without pyverbs. (bsc#996146)
- Fix verbs: Fix attribute returning. (bsc#996146)
- Fix build: Fix pyverbs build issues on Debian. (bsc#996146)
- Fix travis: Change SuSE package target due to Travis CI failures. (bsc#996146)
- Fix verbs: Avoid inline send when using device memory in rc_pingpong. (bsc#996146)
- Fix mlx5: Use copy loop to read from device memory. (bsc#996146)
- Fix verbs: clear cmd buffer when creating indirection table. (bsc#996146)
- Fix libhns: Bugfix for using buffer length. (bsc#996146)
- Fix incorrect error handling when SQ wqe count is 0. (bsc#996146)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1808-1
Released: Wed Jul 10 13:16:29 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1133808
Description:
This update for libgcrypt fixes the following issues:
- Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed.
  bsc#1133808
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
Description:
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1833-1
Released: Fri Jul 12 17:53:51 2019
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1139959,CVE-2019-13012
Description:
This update for glib2 fixes the following issues:
Security issue fixed:
- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1835-1
Released: Fri Jul 12 18:06:31 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1139937,CVE-2018-20843
Description:
This update for expat fixes the following issues:
Security issue fixed:
- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released: Mon Jul 15 11:36:33 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:
This update for bzip2 fixes the following issues:
Security issue fixed:
- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1853-1
Released: Mon Jul 15 16:03:36 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1107617,1137053
Description:
This update for systemd fixes the following issues:
- conf-parse: remove 4K line length limit (bsc#1137053)
- udevd: change the default value of udev.children-max (again) (bsc#1107617)
- meson: stop creating enablement symlinks in /etc during installation (sequel)
- Fixed build for openSUSE Leap 15+
- Make sure we don't ship any static enablement symlinks in /etc
  Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1869-1
Released: Wed Jul 17 14:03:20 2019
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811
Description:
This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
* Added IPSEC IKE support to softoken
* Many new FIPS test cases
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1877-1
Released: Thu Jul 18 11:31:46 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169
Description:
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).
Non-security issues fixed:
- No longer compresses debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released: Thu Jul 25 14:58:52 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1138939,CVE-2019-12904
Description:
This update for libgcrypt fixes the following issues:
Security issue fixed:
- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1984-1
Released: Fri Jul 26 00:15:46 2019
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1036463,1127155,1134819,937216
Description:
This update for suse-module-tools fixes the following issues:
- Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819)
- Install sg.conf under /usr/lib/modules-load.d and avoid file conflict with systemd. (bsc#1036463)
- weak-modules2: Emit 'inconsistent' warning only if replacement fails. (bsc#1127155)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1994-1
Released: Fri Jul 26 16:12:05 2019
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1135123
Description:
This update for libxml2 fixes the following issues:
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2004-1
Released: Mon Jul 29 13:01:59 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:
This update for bzip2 fixes the following issues:
- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2006-1
Released: Mon Jul 29 13:02:49 2019
Summary: Security update for gpg2
Type: security
Severity: important
References: 1124847,1141093,CVE-2019-13050
Description:
This update for gpg2 fixes the following issues:
Security issue fixed:
- CVE-2019-13050: Fixed denial of service attacks via big keys (bsc#1141093).
Non-security issue fixed:
- Allow coredumps in X11 desktop sessions (bsc#1124847)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2050-1
Released: Tue Aug 6 09:42:37 2019
Summary: Security update for python3
Type: security
Severity: important
References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160
Description:
This update for python3 fixes the following issues:
Security issue fixed:
- CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).
- CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853).
Non-security issue fixed:
- Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2085-1
Released: Wed Aug 7 13:58:43 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1135751
Description:
This update for apparmor fixes the following issues:
- Profile updates for dnsmasq, dovecot, identd, syslog-ng
- Parser: fix 'Px -> foo-bar' (the '-' was rejected before)
- Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys.
- Fix build with swig 4.0. (bsc#1135751)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2097-1
Released: Fri Aug 9 09:31:17 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: important
References: 1097073
Description:
This update for libgcrypt fixes the following issues:
- Fixed a regression where systems were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2134-1
Released: Wed Aug 14 11:54:56 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1136717,1137624,1141059,SLE-5807
Description:
This update for zlib fixes the following issues:
- Update the s390 patchset. (bsc#1137624)
- Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
- Use FAT LTO objects in order to provide proper static library.
- Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
- Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2142-1
Released: Wed Aug 14 18:14:04 2019
Summary: Recommended update for mozilla-nspr, mozilla-nss
Type: recommended
Severity: moderate
References: 1141322
Description:
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.45 (bsc#1141322) :
* New function in pk11pub.h: PK11_FindRawCertsWithSubject
* The following CA certificates were Removed:
  CN = Certinomis - Root CA (bmo#1552374)
* Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403)
  This adds a new experimental function SSL_DelegateCredential
  Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360).
  Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
* Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
* Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
* Add IPSEC IKE support to softoken (bmo#1546229)
* Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
* Expose an external clock for SSL (bmo#1543874)
  This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext.
  The experimental function SSL_InitAntiReplay is removed.
* Various changes in response to the ongoing FIPS review (bmo#1546477)
  Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.
mozilla-nspr was updated to version 4.21
* Changed prbit.h to use builtin function on aarch64.
* Removed Gonk/B2G references.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2188-1
Released: Wed Aug 21 10:10:29 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1140647
Description:
This update for aaa_base fixes the following issues:
- Make systemd detection cgroup oblivious. (bsc#1140647)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2190-1
Released: Wed Aug 21 17:00:34 2019
Summary: SUSE Enterprise Storage 6 Technical Container Preview
Type: optional
Severity: low
References: 1145433
Description:
This is a technical preview for SUSE Enterprise Storage 6.

From sle-updates at lists.suse.com Sat Feb 1 01:39:10 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:39:10 +0100 (CET)
Subject: SUSE-CU-2019:761-1: Security update of ses/6/rook/ceph
Message-ID: <20200201083910.3FCC1F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:761-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.29 , ses/6/rook/ceph:latest
Container Release : 1.5.29
Severity : important
Type : security
References : 1073313 1081947 1081947 1082293 1082318 1085196 1088358 1106214 1111388 1112438 1114845 1121197 1122417 1122666 1125689 1125886 1127701 1129071 1132663 1132900 1133773 1134616 1135534 1135708 1135984 1136245 1137296 1141113 1141883 1143055 1143194 1143273 1144047 1144169 1145383 1146182 1146184 1146866 1148494 1149203 1149429 1149495 1149496 1150003 1150250 1150895 1151479 1151909 1152008 1152326 353876 CVE-2017-17740 CVE-2019-11236 CVE-2019-11324 CVE-2019-13057 CVE-2019-13565 CVE-2019-14806 CVE-2019-1547 CVE-2019-1563 CVE-2019-15903 CVE-2019-5481 CVE-2019-5482 CVE-2019-6446 CVE-2019-9511 CVE-2019-9513 CVE-2019-9740 SLE-6094 SLE-8532 SLE-9132
-----------------------------------------------------------------
The container ses/6/rook/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883
Description:
This update for pinentry fixes the following issues:
- Fix a dangling pointer in qt/main.cpp that caused crashes.
  (bsc#1141883)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2241-1
Released: Wed Aug 28 14:58:49 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1144169
Description:
This update for ca-certificates-mozilla fixes the following issues:
ca-certificates-mozilla was updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
Removed CAs:
- Certinomis - Root CA
Includes new root CAs from the 2.32 version:
- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2306-1
Released: Thu Sep 5 14:39:23 2019
Summary: Recommended update for parted
Type: recommended
Severity: moderate
References: 1082318,1136245
Description:
This update for parted fixes the following issues:
- Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245)
- Installs the license file in the correct directory (bsc#1082318)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2307-1
Released: Thu Sep 5 14:45:08 2019
Summary: Security update for util-linux and shadow
Type: security
Severity: moderate
References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876
Description:
This update for util-linux and shadow fixes the following issues:
util-linux:
- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- De-duplicate fstrim -A properly (bsc#1127701).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
- Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).
shadow:
- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
- Hardening for su wrappers (bsc#353876)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2332-1
Released: Mon Sep 9 10:17:16 2019
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740
Description:
This update for python-urllib3 fixes the following issues:
Security issues fixed:
- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released: Thu Sep 12 07:54:54 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1081947,1144047
Description:
This update for krb5 contains the following fixes:
- Integrate pam_keyinit PAM module, ksu-pam.d.
  (bsc#1081947)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2365-1
Released: Thu Sep 12 11:23:31 2019
Summary: Security update for python-Werkzeug
Type: security
Severity: moderate
References: 1145383,CVE-2019-14806
Description:
This update for python-Werkzeug fixes the following issues:
Security issue fixed:
- CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2367-1
Released: Thu Sep 12 12:59:37 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1122666,1135984,1137296
Description:
This update for lvm2 fixes the following issues:
- Fix unknown feature in status message (bsc#1135984)
- Fix using device aliases with lvmetad (bsc#1137296)
- Fix devices drop open error message (bsc#1122666)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2373-1
Released: Thu Sep 12 14:18:53 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482
Description:
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2395-1
Released: Wed Sep 18 08:31:38 2019
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565
Description:
This update for openldap2 fixes the following issues:
Security issue fixed:
- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)
Non-security issues fixed:
- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2403-1
Released: Wed Sep 18 16:14:29 2019
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563
Description:
This update for openssl-1_1 fixes the following issues:
OpenSSL Security Advisory [10 September 2019]
* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2416-1
Released: Fri Sep 20 12:51:10 2019
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1148494,SLE-6094
Description:
This update for suse-module-tools fixes the following issues:
- Remove 'modhash' as it has moved to mokutil package.
  (jsc#SLE-6094, bsc#1148494)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2422-1
Released: Fri Sep 20 16:36:43 2019
Summary: Recommended update for python-urllib3
Type: recommended
Severity: moderate
References: 1150895
Description:
This update for python-urllib3 fixes the following issues:
- Add missing dependency on python-six (bsc#1150895)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2423-1
Released: Fri Sep 20 16:41:45 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1146866,SLE-9132
Description:
This update for aaa_base fixes the following issues:
Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)
Following settings have been tightened (and set to 0):
- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2429-1
Released: Mon Sep 23 09:28:40 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1149429,CVE-2019-15903
Description:
This update for expat fixes the following issues:
Security issues fixed:
- CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2448-1
Released: Tue Sep 24 13:32:01 2019
Summary: Recommended update for rook
Type: recommended
Severity: low
References: 1151479
Description:
This is a Technical Preview update for rook.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2462-1
Released: Wed Sep 25 16:43:04 2019
Summary: Security update for python-numpy
Type: security
Severity: moderate
References: 1149203,CVE-2019-6446,SLE-8532
Description:
This update for python-numpy fixes the following issues:
Non-security issues fixed:
- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2473-1
Released: Thu Sep 26 10:02:03 2019
Summary: Security update for nghttp2
Type: security
Severity: moderate
References: 1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513
Description:
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461).
Bug fixes and enhancements:
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2483-1
Released: Fri Sep 27 14:16:23 2019
Summary: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate.
Type: optional
Severity: low
References: 1088358
Description:
This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2488-1
Released: Mon Sep 30 11:24:28 2019
Summary: Optional update for ceph
Type: optional
Severity: low
References: 1152326
Description:
This update will just be released to the codestream to align the versions (bsc#1152326)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2489-1
Released: Mon Sep 30 12:04:42 2019
Summary: SUSE Enterprise Storage 6 Technical Container Preview
Type: optional
Severity: low
References: 1151909,1152008
Description:
This is a technical preview for SUSE Enterprise Storage 6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2418-1
Released: Thu Nov 14 11:53:03 2019
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1133773,1143055
Description:
This update for bash fixes the following issues:
- Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm'
- Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773)

From sle-updates at lists.suse.com Sat Feb 1 01:39:18 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:39:18 +0100 (CET)
Subject: SUSE-CU-2019:762-1: Security update of ses/6/rook/ceph
Message-ID: <20200201083918.A374CF798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:762-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.34 , ses/6/rook/ceph:latest
Container Release : 1.5.34
Severity : moderate
Type : security
References : 1082318 1128828 1142614 1150137 CVE-2019-16168 CVE-2019-9893
-----------------------------------------------------------------
The container ses/6/rook/ceph was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2517-1
Released: Wed Oct 2 10:49:20 2019
Summary: Security update for libseccomp
Type: security
Severity: moderate
References: 1082318,1128828,1142614,CVE-2019-9893
Description:
This update for libseccomp fixes the following issues:
Security issues fixed:
- CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828)
libseccomp was updated to new upstream release 2.4.1:
- Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.
libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893):
- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates
libseccomp was updated to release 2.3.3:
- Updated the syscall table for Linux v4.15-rc7
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released: Thu Oct 3 15:02:50 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1150137,CVE-2019-16168
Description:
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

From sle-updates at lists.suse.com Sat Feb 1 01:39:27 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:39:27 +0100 (CET)
Subject: SUSE-CU-2019:763-1: Recommended update of ses/6/rook/ceph
Message-ID: <20200201083927.4FA13F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:763-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.36 , ses/6/rook/ceph:latest
Container Release : 1.5.36
Severity : moderate
Type : recommended
References : 1152559 1152690
-----------------------------------------------------------------
The container ses/6/rook/ceph was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2564-1
Released: Fri Oct 4 15:52:57 2019
Summary: Recommended update for rook
Type: recommended
Severity: moderate
References: 1152559,1152690
Description:
This update for rook fixes the following issues:
- Enforces the use of the ceph kernel client driver (bsc#1152690)
- Fixes an issue where rook has used the wrong version number (bsc#1152559)

From sle-updates at lists.suse.com Sat Feb 1 01:39:35 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:39:35 +0100 (CET)
Subject: SUSE-CU-2019:764-1: Security update of ses/6/rook/ceph
Message-ID: <20200201083935.F3EBAF798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:764-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.57 , ses/6/rook/ceph:latest
Container Release : 1.5.57
Severity : important
Type : security
References : 1049825 1051143 1071995 1092100 1109412 1109413 1109414 1110797 1111996 1112534 1112535 1113247 1113252 1113255 1116827 1116995 1118644 1118830 1118831 1120629 1120630 1120631 1120640 1121034 1121035 1121056 1121753 1127155 1127608 1130306 1131113 1131823 1133131 1133232 1134226 1135749 1137977 1138869 1139459 1139795 1140039 1140631 1141897 1141913 1142343 1142649 1142772 1145023 1145521 1145716 1146027 1146415 1146947 1148517 1149121 1149145 1149792 1149792 1149792 1149955 1150451 1150595 1150733 1151023 1151490 1152101 1152590 1153165 1153238 1153557 1153674 1153936 1154016 1154025 1154217 859480 CVE-2018-1000876 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932
CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-14250 CVE-2019-14287 CVE-2019-14853 CVE-2019-14859 CVE-2019-15847 CVE-2019-16056 CVE-2019-16935 CVE-2019-17543 CVE-2019-3689 CVE-2019-5094 ECO-368 PM-1350 SLE-6206 SLE-7687 SLE-9426
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2626-1
Released: Thu Oct 10 17:22:35 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1110797
Description:
This update for permissions fixes the following issues:

- Updated permissions for amanda. (bsc#1110797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2645-1
Released: Fri Oct 11 17:11:23 2019
Summary: Recommended update for python-cryptography
Type: recommended
Severity: moderate
References: 1149792
Description:
This update for python-cryptography fixes the following issues:

- Adds compatibility to OpenSSL 1.1.1d (bsc#1149792)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2647-1
Released: Fri Oct 11 17:12:06 2019
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1149792
Description:
This update for python-pyOpenSSL fixes the following issues:

- Adds compatibility for OpenSSL 1.1.1d (bsc#1149792)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2656-1
Released: Mon Oct 14 17:02:24 2019
Summary: Security update for sudo
Type: security
Severity: important
References: 1153674,CVE-2019-14287
Description:
This update for sudo fixes the
following issue:

- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2676-1
Released: Tue Oct 15 21:06:54 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1145716,1152101,CVE-2019-5094
Description:
This update for e2fsprogs fixes the following issues:

Security issue fixed:

- CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101)

Non-security issue fixed:

- libext2fs: Call fsync(2) to clear stale errors for a new unix I/O channel. (bsc#1145716)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2693-1
Released: Wed Oct 16 16:43:30 2019
Summary: Recommended update for rpcbind
Type: recommended
Severity: moderate
References: 1142343
Description:
This update for rpcbind fixes the following issues:

- Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2702-1
Released: Wed Oct 16 18:41:30 2019
Summary: Security update for gcc7
Type: security
Severity: moderate
References: 1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847
Description:
This update for gcc7 to r275405 fixes the following issues:

Security issues fixed:

- CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).
- CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

Non-security issue fixed:

- Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2730-1
Released: Mon Oct 21 16:04:57 2019
Summary: Security update for procps
Type: security
Severity: important
References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
Description:
This update for procps fixes the following issues:

procps was updated to 3.3.15. (bsc#1092100)

The following security issues were fixed:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

Also this non-security issue was fixed:

- Fix CPU summary showing old data.
(bsc#1121753)

The update to 3.3.15 contains the following fixes:

* library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1 No changes, no removals New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch
for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2742-1
Released: Tue Oct 22 15:40:16 2019
Summary: Recommended update for libzypp, zypper, libsolv and PackageKit
Type: recommended
Severity: important
References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Description:
This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:

Security issues fixed in libsolv:

- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).

Other issues addressed in libsolv:

- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
- Fixed an issue with the package name (bsc#1131823).
- repo_add_rpmdb: do not copy bad solvables from the old solv file
- Fixed an issue with cleandeps updates in which all packages were not updated
- Experimental DISTTYPE_CONDA and REL_CONDA support
- Fixed cleandeps jobs when using patterns (bsc#1137977)
- Fixed favorq leaking between solver runs if the solver is reused
- Fixed SOLVER_FLAG_FOCUS_BEST updating packages without reason
- Be more correct with multiversion packages that obsolete their own name (bnc#1127155)
- Fix repository priority handling for multiversion packages
- Make code compatible with swig 4.0, remove obj0 instances
- repo2solv: support zchunk compressed data
- Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives

Issues fixed in libzypp:

- Fix empty metalink downloads if filesize is unknown (bsc#1153557)
- Recognize riscv64 as architecture
- Fix installation of new header file (fixes #185)
- zypp.conf: Introduce `solver.focus` to define the resolver's general attitude when resolving jobs. (bsc#1146415)
- New container detection algorithm for zypper ps (bsc#1146947)
- Fix leaking file descriptors in MediaCurl. (bsc#1116995)
- Run file conflict check on dry-run. (bsc#1140039)
- Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795)
- Rephrase file conflict check summary. (bsc#1140039)
- Fix bash completions option detection. (bsc#1049825)
- Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)
- Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)
- PublicKey::algoName: supply key algorithm and length

Issues fixed in zypper:

- Update to version 1.14.30
- Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
- Dump stacktrace on SIGPIPE (bsc#1145521)
- info: The requested info must be shown in QUIET mode (fixes #287)
- Fix local/remote url classification.
- Rephrase file conflict check summary (bsc#1140039)
- Fix bash completions option detection (bsc#1049825)
- man: split '--with[out]' like options to ease searching.
- Unhid 'ps' command in help
- Added option to show more conflict information
- Rephrased `zypper ps` hint (bsc#859480)
- Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226)
- Fixed unknown package handling in zypper install (bsc#1127608)
- Re-show progress bar after pressing retry upon install error (bsc#1131113)

Issues fixed in PackageKit:

- Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script (bsc#1130306).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2757-1
Released: Wed Oct 23 17:21:17 2019
Summary: Security update for lz4
Type: security
Severity: moderate
References: 1153936,CVE-2019-17543
Description:
This update for lz4 fixes the following issues:

- CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
Description:
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2779-1
Released: Thu Oct 24 16:57:42 2019
Summary: Security update for binutils
Type: security
Severity: moderate
References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206
Description:
This update for binutils fixes the following issues:

binutils was updated to current 2.32 branch [jsc#ECO-368].

Includes following security fixes:

- CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
- CVE-2018-17359: Fixed invalid memory access in bfd_zalloc in opncls.c (bsc#1109413)
- CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
- CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
- CVE-2018-18309: Fixed an invalid memory address dereference in read_reloc in reloc.c (bsc#1111996)
- CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
- CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
- CVE-2018-18605: Fixed a heap-based buffer over-read in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
- CVE-2018-18606: Fixed a NULL
pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)
- CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)
- CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)
- CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)
- CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)
- CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)
- CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)
- CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)
- CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)

- enable xtensa architecture (Tensilica lc6 and related)
- Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913).
- Fixed some LTO build issues (bsc#1133131 bsc#1133232).
- riscv: Don't check ABI flags if no code section
- Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).
- Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32:

* The binutils now support the C-SKY processor series.
* The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes.
* The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE.
* The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary.
* Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function.
* The BFD linker will now report property change in linker map file when merging GNU properties.
* The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report.
* The GOLD linker has improved warning messages for relocations that refer to discarded sections.

- Improve relro support on s390 [fate#326356]
- Fix broken debug symbols (bsc#1118644)
- Handle ELF compressed header alignment correctly.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2782-1
Released: Fri Oct 25 14:27:52 2019
Summary: Security update for nfs-utils
Type: security
Severity: moderate
References: 1150733,CVE-2019-3689
Description:
This update for nfs-utils fixes the following issues:

- CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs.
(bsc#1150733)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2802-1
Released: Tue Oct 29 11:39:05 2019
Summary: Security update for python3
Type: security
Severity: moderate
References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426
Description:
This update for python3 to 3.6.9 fixes the following issues:

Security issues fixed:

- CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).

Non-security issues fixed:

- Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490)
- Improved locale handling by implementing PEP 538.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2812-1
Released: Tue Oct 29 14:57:55 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1139459,1140631,1145023,1150595,SLE-7687
Description:
This update for systemd provides the following fixes:

- Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459)
- man: Add a note about _netdev usage.
- units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target.
- units: Add [Install] section to remote-cryptsetup.target.
- cryptsetup: Ignore _netdev, since it is used in generator.
- cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687)
- cryptsetup-generator: Add a helper utility to create symlinks.
- units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target.
- man: Add an explicit description of _netdev to systemd.mount(5).
- man: Order fields alphabetically in crypttab(5).
- man: Make crypttab(5) a bit easier to read.
- units: Order cryptsetup-pre.target before cryptsetup.target.
- Fix reporting of enabled-runtime units.
- sd-bus: Deal with cookie overruns. (bsc#1150595)
- rules: Add by-id symlinks for persistent memory. (bsc#1140631)
- Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2870-1
Released: Thu Oct 31 08:09:14 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1051143,1138869,1151023
Description:
This update for aaa_base provides the following fixes:

- Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869)
- Add s390x compressed kernel support. (bsc#1151023)
- service: Check if there is a second argument before using it. (bsc#1051143)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2891-1
Released: Mon Nov 4 17:47:10 2019
Summary: Security update for python-ecdsa
Type: security
Severity: moderate
References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859
Description:
This update for python-ecdsa to version 0.13.3 fixes the following issues:

Security issues fixed:

- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).
From sle-updates at lists.suse.com Sat Feb 1 01:39:44 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:39:44 +0100 (CET)
Subject: SUSE-CU-2019:765-1: Recommended update of ses/6/rook/ceph
Message-ID: <20200201083944.9D012F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:765-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.59 , ses/6/rook/ceph:latest
Container Release : 1.5.59
Severity : moderate
Type : recommended
References : 1151481
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2929-1
Released: Thu Nov 7 16:45:13 2019
Summary: Recommended update for python-kubernetes
Type: recommended
Severity: moderate
References: 1151481
Description:
This update for python-kubernetes fixes the following issues:

- python-ipaddress is only required for building on Python2 (on Python3 it is part of the standard library)
- Backport fix for base64 padding in kubeconfig (bsc#1151481)

From sle-updates at lists.suse.com Sat Feb 1 01:39:53 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:39:53 +0100 (CET)
Subject: SUSE-CU-2019:766-1: Security update of ses/6/rook/ceph
Message-ID: <20200201083953.4F017F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:766-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.63 , ses/6/rook/ceph:latest
Container Release : 1.5.63
Severity : important
Type : security
References : 1103320 1132767 1134444 1135584 1137503 1140491 1141174 1145093 1145617 1145618
1145759 1146656 1147132 1149093 1150406 1151439 1151990 1151991 1151992 1151993 1151994 1151995 1152002 1154019 1154036 1154037 1156282 CVE-2019-10222 CVE-2019-17594 CVE-2019-17595
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2980-1
Released: Thu Nov 14 22:45:33 2019
Summary: Optional update for curl
Type: optional
Severity: low
References: 1154019
Description:
This update for curl doesn't address any user visible issues.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2994-1
Released: Mon Nov 18 13:34:33 2019
Summary: Security update for ceph
Type: security
Severity: important
References: 1132767,1134444,1135584,1137503,1140491,1141174,1145093,1145617,1145618,1145759,1146656,1147132,1149093,1150406,1151439,1151990,1151991,1151992,1151993,1151994,1151995,1152002,1156282,CVE-2019-10222
Description:
This update for ceph fixes the following issues:

- A previous update introduced a regression with the potential to cause RocksDB data corruption in Nautilus (bsc#1156282).
- Support for iSCSI target-level CHAP authentication was added (bsc#1145617).
- Implemented validation and rendering of iSCSI controls based 'type' (bsc#1140491).
- Fixed an error while editing iSCSI image advanced settings (bsc#1146656).
- Fixed a ceph-volume regression. SES customers were never exposed to this regression (bsc#1132767).
- Fixed a denial of service vulnerability where an unauthenticated client of Ceph Object Gateway could trigger a crash from an uncaught exception (bsc#1145093, CVE-2019-10222)
- Nautilus-based librbd clients could not open images on Jewel clusters (bsc#1151994).
- The RGW num_rados_handles has been removed (bsc#1151995).
- 'osd_deep_scrub_large_omap_object_key_threshold' has been lowered in Nautilus (bsc#1152002).
- The ceph dashboard now supports silencing Prometheus notifications (bsc#1141174).
- The no{up,down,in,out} related commands have been revamped (bsc#1151990).
- Radosgw-admin got two new subcommands for managing expire-stale objects (bsc#1151991).
- Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 used to break pool utilization stats reported by ceph df (bsc#1151992).
- Ceph clusters will issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993).
- Ceph-volume prints errors to stdout with --format json (bsc#1132767).
- Changing rgw-api-host in the dashboard does not get effective without disable/enable dashboard mgr module (bsc#1137503).
- Silenced Alertmanager alerts in the dashboard (bsc#1141174).
- Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759)
- librbd always tries to acquire exclusive lock when removing an image (bsc#1149093).

Fixes in ses-manual_en:

- Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
- Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
- Improved name of CaaSP to its fuller version. (bsc#1151439)
- Verify which OSDs are going to be removed before running stage.5. (bsc#1150406)
- Added two additional steps to recovering an OSD.
(bsc#1147132)

Fixes in ceph-iscsi:

- Validate kernel LIO controls type and value (bsc#1140491)
- TPG lun_id persistence (bsc#1145618)
- Target level CHAP authentication (bsc#1145617)

ceph-iscsi was updated to the upstream 3.2 release:

- Always use host FQDN instead of shortname
- Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2997-1
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:
This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

- Removed screen.xterm from terminfo database (bsc#1103320).
From sle-updates at lists.suse.com Sat Feb 1 01:40:07 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2020 09:40:07 +0100 (CET)
Subject: SUSE-CU-2020:38-1: Security update of ses/6/rook/ceph
Message-ID: <20200201084007.2A4F9F798@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:38-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.102 , ses/6/rook/ceph:latest
Container Release : 1.5.102
Severity : important
Type : security
References : 1007715 1027282 1029377 1029902 1040164 1042670 1070853 1079761 1081750 1083507 1084934 1086001 1088004 1088009 1088573 1093414 1094814 1107030 1109663 1109847 1114592 1120644 1122191 1123919 1124556 1129346 1130840 1131817 1132337 1133452 1134365 1135254 1137131 1137132 1137227 1137942 1138459 1140504 1140601 1140879 1141203 1141322 1141853 1141897 1142152 1142649 1142654 1145231 1145554 1145571 1145756 1146415 1146475 1148360 1148498 1148517 1148987 1149121 1149145 1149203 1149511 1149792 1149955 1150734 1151490 1152755 1153238 1153351 1153876 1154230 1154295 1154871 1154884 1154887 1155045 1155199 1155338 1155339 1155346 1155407 1155463 1155655 1155668 1155950 1156571 1157198 1157278 1157438 1157611 1157775 1157891 1158095 1158095 1158101 1158120 1158527 1158809 1158923 1158925 1158926 1158927 1158929 1158930 1158931 1158932 1158933 1159035 1159622 1159819 1159989 1160920 637176 658604 673071 709442 743787 747125 751718 754447 754677 787526 809831 831629 834601 871152 885662 885882 917607 942751 951166 983582 984751 985177 985348 989523 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-18508 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160
CVE-2019-11745 CVE-2019-12290 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1551 CVE-2019-15847 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-17006 CVE-2019-18224 CVE-2019-3688 CVE-2019-3690 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947 SLE-6533 SLE-6536 SLE-8532 SLE-8789 SLE-9171
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3010-1
Released: Tue Nov 19 18:10:58 2019
Summary: Recommended update for zypper and libsolv
Type: recommended
Severity: moderate
References: 1145554,1146415,1149511,1153351,SLE-9171
Description:
This update for zypper and libsolv fixes the following issues:

Package: zypper

- Improved the documentation of $releasever and --releasever use cases (bsc#1149511)
- zypper will now ask only once when multiple packages share the same license text (bsc#1145554)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415)
- Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351)
- Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171)

Package: libsolv

- Fixes issues when updating too many packages in focusbest mode
- Fixes the handling of disabled and installed packages in distupgrade

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3040-1
Released: Fri Nov 22 11:59:52 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1145231
Description:
This update for lvm2 fixes the following issues:

- Adds a fix to detect MD devices by LVM2 with metadata=1.0/0.9 (bsc#1145231)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3059-1
Released: Mon Nov 25 17:33:07 2019
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1155199,CVE-2019-14866
Description:
This update for cpio fixes the following issues:

- CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3061-1
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Type: security
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:
This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3070-1
Released: Tue Nov 26 12:39:29 2019
Summary: Recommended update for gpg2
Type: recommended
Severity: low
References: 1152755
Description:
This update for gpg2 provides the following fix:

- Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail.
(bsc#1152755) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc, that is, replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. 
(bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3167-1 Released: Wed Dec 4 11:27:35 2019 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1142152 Description: This update for suse-module-tools fixes the following issues: - Add dependency of papr_scm on libnvdimm in the initrd image. (bsc#1142152, ltc#176292, FATE#327775). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3172-1 Released: Wed Dec 4 11:46:44 2019 Summary: Recommended update for libstoragemgmt Type: recommended Severity: moderate References: 1155407 Description: This update for libstoragemgmt ships two new sub-packages (fate#327790 bsc#1155407): - libstoragemgmt-hpsa-plugin: HP SmartArray plugin. - libstoragemgmt-megaraid-plugin: LSI MegaRaid plugin. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3181-1 Released: Thu Dec 5 11:43:07 2019 Summary: Security update for permissions Type: security Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 Description: This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused a segmentation fault (bsc#1157198). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3343-1 Released: Thu Dec 19 11:05:27 2019 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1155668 Description: This update for lvm2 fixes the following issues: - Fix seeing a 90 Second delay during shutdown and reboot. (bsc#1155668) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3374-1 Released: Fri Dec 20 10:39:16 2019 Summary: Recommended update for python-CherryPy Type: recommended Severity: moderate References: 1158120 Description: This update for python-CherryPy fixes the following issues: - Add compatibility to make tests pass with the recent versions of Python with fixed http.client.HTTPConnection.putrequest(). (bsc#1158120, jsc#PM-1350) - Run spec-cleaner on the SPEC file. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3395-1 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Type: security Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:9-1 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1157438 Description: This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. 
(bsc#1157438) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:10-1 Released: Thu Jan 2 12:35:06 2020 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1146475 Description: This update for gcc7 fixes the following issues: - Fix miscompilation with thread-safe localstatic initialization (gcc#85887). - Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:22-1 Released: Tue Jan 7 12:39:59 2020 Summary: Recommended update for python-numpy Type: recommended Severity: moderate References: 1149203,SLE-8532 Description: This update for python-numpy fixes the following issues: - Add new random module including selectable random number generators: MT19937, PCG64, Philox and SFC64 (bsc#1149203) - NumPy's FFT implementation was changed from fftpack to pocketfft, resulting in faster, more accurate transforms and better handling of datasets of prime length. (bsc#1149203) - New radix sort and timsort sorting methods. (bsc#1149203) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:27-1 Released: Tue Jan 7 14:47:07 2020 Summary: Recommended update for rdma-core Type: recommended Severity: moderate References: 1137131,1137132,1140601,1157891 Description: This update for rdma-core fixes the following issues: - Add Broadcom fixes for libbnxtre. (bsc#1157891) - Disable libmlx dependencies for libibverbs on s390x 32 bits. (bsc#1140601) - Fix baselibs configuration removing conflict with -32b and older (early rdma-core) libraries. - Add missing Obsoletes/Conflicts/Provides to handle updates from SP2. 
(bsc#1137131, bsc#1137132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:36-1 Released: Wed Jan 8 10:26:46 2020 Summary: Recommended update for python-pyOpenSSL Type: recommended Severity: low References: 1159989 Description: This update fixes the build of python-pyOpenSSL in 2020 (bsc#1159989). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:69-1 Released: Fri Jan 10 12:33:59 2020 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:114-1 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Type: security Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:160-1 Released: Wed Jan 22 13:18:10 2020 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1124556,1131817,1132337,1134365,1137227,1140504,1140879,1141203,1145571,1145756,1148360,1148498,1153876,1154230,1155045,1155463,1155655,1155950,1156571,1157611,1158923,1158925,1158926,1158927,1158929,1158930,1158931,1158932,1158933,1160920 Description: This update for ceph fixes the following issues: Update to 14.2.5-371-g3551250731: + upstream Nautilus 14.2.5 point release, see https://ceph.io/releases/v14-2-5-nautilus-released/ * health warnings will be issued if daemons have recently crashed (bsc#1158923) * pg_num must be a power of two, otherwise HEALTH_WARN (bsc#1158925) * pool size must be > 1, otherwise HEALTH_WARN (bsc#1158926) * health warning if average OSD heartbeat ping time exceeds threshold (bsc#1158927) * changes in the telemetry MGR module (bsc#1158929) * new OSD daemon command dump_recovery_reservations (bsc#1158930) * new OSD daemon command dump_scrub_reservations (bsc#1158931) * RGW now supports S3 Object Lock set of APIs (bsc#1158932) * RGW now supports List Objects V2 (bsc#1158933) + mon: keep v1 address type when explicitly (bsc#1140879) + doc: mention --namespace option in rados manpage (bsc#1157611) + mgr/dashboard: Remove env_build from e2e:ci + ceph-volume: check if we run in an selinux environment + qa/dashboard_e2e_tests.sh: Automatically use correct chromedriver version (bsc#1155950) Update to 14.2.4-1283-g9ab65f8799: + rebase on tip of upstream nautilus, SHA1 9989c20373e2294b7479ec4bd6ac5cce80b01645 * rgw: add S3 object lock feature to support object worm (jsc#SES-582) * os/bluestore: apply garbage collection against excessive blob count growth (bsc#1124556) * doc: update bluestore cache settings and clarify data fraction (bsc#1131817) * mgr/dashboard: Allow the decrease of pg's of an existing pool (bsc#1132337) * core: 
Improve health status for backfill_toofull and recovery_toofull and fix backfill_toofull seen on cluster where the most full OSD is at 1% (bsc#1134365) * mgr/dashboard: Set RO as the default access_type for RGW NFS exports (bsc#1137227) * mgr/dashboard: Allow disabling redirection on standby Dashboards (bsc#1140504) * rgw: dns name is not case sensitive (bsc#1141203) * os/bluestore: shallow fsck mode and legacy statfs auto repair (bsc#1145571) * mgr/dashboard: Display WWN and LUN number in iSCSI target details (bsc#1145756) * mgr/dashboard: access_control: add grafana scope read access to *-manager roles (bsc#1148360) * mgr/dashboard: internationalization support with AOT enabled (bsc#1148498) * mgr/dashboard: Fix data point alignment in MDS counters chart (bsc#1153876) * mgr/balancer: python3 compatibility issue (bsc#1154230) * mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking (bsc#1155045) * mgr/{dashboard,prometheus}: return FQDN instead of '0.0.0.0' (bsc#1155463) * core: Improve health status for backfill_toofull and recovery_toofull and fix backfill_toofull seen on cluster where the most full OSD is at 1% (bsc#1155655) * mon: ensure prepare_failure() marks no_reply on op (bsc#1156571) + mgr/dashboard: Automatically use correct chromedriver version + Revert 'rgw_file: introduce fast S3 Unix stats (immutable)' because it is incompatible with NFS-Ganesha 2.8 + include hotfix from upstream v14.2.6 release (bsc#1160920): * mon/PGMap.h: disable network stats in dump_osd_stats * osd_stat_t::dump: Add option for ceph-mgr python callers to skip ping network From sle-updates at lists.suse.com Sat Feb 1 01:40:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 1 Feb 2020 09:40:17 +0100 (CET) Subject: SUSE-CU-2020:39-1: Security update of ses/6/rook/ceph Message-ID: <20200201084017.B85D1F798@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:39-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.110 , ses/6/rook/ceph:latest Container Release : 1.5.110 Severity : moderate Type : security References : 1013125 1149332 1151582 1157292 1157794 1157893 1158830 1158996 1160571 1160970 1161074 1161312 CVE-2019-19126 CVE-2019-5188 CVE-2020-1699 CVE-2020-1700 ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:262-1 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). 
Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if the search string crosses a page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:297-1 Released: Fri Jan 31 17:24:13 2020 Summary: Security update for ceph Type: security Severity: moderate References: 1161074,1161312,CVE-2020-1699,CVE-2020-1700 Description: This update for ceph fixes the following issues: - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage (bsc#1161312). - CVE-2020-1699: Fixed an information disclosure by improper URL checking (bsc#1161074). 
From sle-updates at lists.suse.com Sun Feb 2 11:28:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Feb 2020 19:28:55 +0100 (CET) Subject: SUSE-CU-2020:40-1: Recommended update of suse/sle15 Message-ID: <20200202182855.037A6FC56@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:40-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.141 Container Release : 4.22.141 Severity : moderate Type : recommended References : 1013125 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) From sle-updates at lists.suse.com Sun Feb 2 11:31:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Feb 2020 19:31:46 +0100 (CET) Subject: SUSE-CU-2020:41-1: Recommended update of suse/sle15 Message-ID: <20200202183146.9FEA0F79E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:41-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.153 Container Release : 6.2.153 Severity : moderate Type : recommended References : 1013125 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) From sle-updates at lists.suse.com Mon Feb 3 04:11:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Feb 2020 12:11:11 +0100 (CET) Subject: SUSE-RU-2020:0298-1: moderate: Recommended update for nfs-ganesha Message-ID: <20200203111111.D9416F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-ganesha ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0298-1 Rating: moderate References: #1161330 #1161793 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-ganesha fixes the following issues: - Fixes an issue where ganesha doesn't read the rados_url properly (bsc#1161793) - Fixes an issue where the service could not be started on certain systems (bsc#1161330) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-298=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): libganesha_nfsd2_8-2.8.3+git0.d504d374e-3.3.1 libganesha_nfsd2_8-debuginfo-2.8.3+git0.d504d374e-3.3.1 libntirpc1_8-2.8.3+git0.d504d374e-3.3.1 libntirpc1_8-debuginfo-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-ceph-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-ceph-debuginfo-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-debuginfo-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-rados-grace-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-rados-grace-debuginfo-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-rados-urls-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-rados-urls-debuginfo-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-rgw-2.8.3+git0.d504d374e-3.3.1 nfs-ganesha-rgw-debuginfo-2.8.3+git0.d504d374e-3.3.1 References: https://bugzilla.suse.com/1161330 https://bugzilla.suse.com/1161793 From sle-updates at lists.suse.com Mon Feb 3 07:11:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Feb 2020 15:11:10 +0100 (CET) Subject: SUSE-RU-2020:0299-1: moderate: Recommended update for Azure CLI Message-ID: <20200203141110.B32C2F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Azure CLI ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0299-1 Rating: moderate References: #1146672 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update supplies the Azure CLI binaries tools to the SUSE Linux Enterprise 12 Public Cloud Module. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-299=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-cli-2.0.18-2.3.1 azure-cli-acr-2.0.12-2.3.2 azure-cli-acs-2.0.16-2.3.2 azure-cli-appservice-0.1.17-2.3.2 azure-cli-backup-1.0.1-2.3.2 azure-cli-batch-3.1.4-2.3.2 azure-cli-billing-0.1.5-2.3.2 azure-cli-cdn-0.0.9-2.3.2 azure-cli-cloud-2.0.8-2.3.1 azure-cli-cognitiveservices-0.1.8-2.3.2 azure-cli-command-modules-nspkg-2.0.1-2.3.1 azure-cli-component-2.0.7-2.3.2 azure-cli-configure-2.0.11-2.3.1 azure-cli-consumption-0.1.5-2.3.2 azure-cli-container-0.1.11-2.3.2 azure-cli-core-2.0.17-2.3.2 azure-cli-cosmosdb-0.1.13-2.3.2 azure-cli-dla-0.0.12-2.3.1 azure-cli-dls-0.0.14-2.3.1 azure-cli-eventgrid-0.1.4-2.3.2 azure-cli-extension-0.0.3-2.3.2 azure-cli-feedback-2.0.6-2.3.1 azure-cli-find-0.2.7-2.3.1 azure-cli-interactive-0.3.10-2.3.2 azure-cli-iot-0.1.12-2.3.2 azure-cli-keyvault-2.0.11-2.3.2 azure-cli-lab-0.0.11-2.3.2 azure-cli-monitor-0.0.10-2.3.2 azure-cli-network-2.0.15-2.3.2 azure-cli-nspkg-3.0.1-2.3.1 azure-cli-profile-2.0.13-2.3.2 azure-cli-rdbms-0.0.7-2.3.2 azure-cli-redis-0.2.9-2.3.2 azure-cli-resource-2.0.15-2.3.2 azure-cli-role-2.0.12-2.3.2 azure-cli-servicefabric-0.0.4-2.3.2 azure-cli-sql-2.0.12-2.3.2 azure-cli-storage-2.0.16-2.3.2 azure-cli-taskhelp-0.1.7-2.3.1 azure-cli-vm-2.0.15-2.3.2 References: https://bugzilla.suse.com/1146672 From sle-updates at lists.suse.com Mon Feb 3 10:11:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Feb 2020 18:11:38 +0100 (CET) Subject: SUSE-RU-2020:0301-1: important: Recommended update for tomcat Message-ID: <20200203171138.57A00F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0301-1 Rating: important 
References: #1162081 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tomcat fixes the following issue: - Fix websocket example code to work properly with Java 1.8. (bsc#1162081) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-301=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-301=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-301=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-301=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-301=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-301=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.30-3.37.1 tomcat-admin-webapps-9.0.30-3.37.1 tomcat-el-3_0-api-9.0.30-3.37.1 tomcat-jsp-2_3-api-9.0.30-3.37.1 tomcat-lib-9.0.30-3.37.1 tomcat-servlet-4_0-api-9.0.30-3.37.1 tomcat-webapps-9.0.30-3.37.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.30-3.37.1 tomcat-admin-webapps-9.0.30-3.37.1 tomcat-el-3_0-api-9.0.30-3.37.1 tomcat-jsp-2_3-api-9.0.30-3.37.1 
tomcat-lib-9.0.30-3.37.1 tomcat-servlet-4_0-api-9.0.30-3.37.1 tomcat-webapps-9.0.30-3.37.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.30-3.37.1 tomcat-admin-webapps-9.0.30-3.37.1 tomcat-el-3_0-api-9.0.30-3.37.1 tomcat-jsp-2_3-api-9.0.30-3.37.1 tomcat-lib-9.0.30-3.37.1 tomcat-servlet-4_0-api-9.0.30-3.37.1 tomcat-webapps-9.0.30-3.37.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.30-3.37.1 tomcat-embed-9.0.30-3.37.1 tomcat-javadoc-9.0.30-3.37.1 tomcat-jsvc-9.0.30-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.30-3.37.1 tomcat-admin-webapps-9.0.30-3.37.1 tomcat-el-3_0-api-9.0.30-3.37.1 tomcat-jsp-2_3-api-9.0.30-3.37.1 tomcat-lib-9.0.30-3.37.1 tomcat-servlet-4_0-api-9.0.30-3.37.1 tomcat-webapps-9.0.30-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.30-3.37.1 tomcat-admin-webapps-9.0.30-3.37.1 tomcat-el-3_0-api-9.0.30-3.37.1 tomcat-jsp-2_3-api-9.0.30-3.37.1 tomcat-lib-9.0.30-3.37.1 tomcat-servlet-4_0-api-9.0.30-3.37.1 tomcat-webapps-9.0.30-3.37.1 References: https://bugzilla.suse.com/1162081 From sle-updates at lists.suse.com Mon Feb 3 10:12:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Feb 2020 18:12:19 +0100 (CET) Subject: SUSE-SU-2020:0302-1: important: Security update for python36 Message-ID: <20200203171219.61D79F798@maintenance.suse.de> SUSE Security Update: Security update for python36 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0302-1 Rating: important References: #1027282 #1029377 #1081750 #1083507 #1086001 #1088009 #1094814 #1109663 #1137942 #1138459 #1141853 #1149121 #1149429 #1149792 #1149955 #1151490 #1159035 #1159622 #709442 #951166 #983582 Cross-References: CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-5010 
CVE-2019-9636 CVE-2019-9947 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 11 fixes is now available. Description: This update for python36 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-4.3.5 libpython3_6m1_0-debuginfo-3.6.10-4.3.5 python36-3.6.10-4.3.5 python36-base-3.6.10-4.3.5 python36-base-debuginfo-3.6.10-4.3.5 python36-base-debugsource-3.6.10-4.3.5 python36-debuginfo-3.6.10-4.3.5 python36-debugsource-3.6.10-4.3.5 References: https://www.suse.com/security/cve/CVE-2017-18207.html https://www.suse.com/security/cve/CVE-2018-1000802.html https://www.suse.com/security/cve/CVE-2018-1060.html https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-10160.html https://www.suse.com/security/cve/CVE-2019-15903.html https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-5010.html https://www.suse.com/security/cve/CVE-2019-9636.html https://www.suse.com/security/cve/CVE-2019-9947.html https://bugzilla.suse.com/1027282 https://bugzilla.suse.com/1029377 https://bugzilla.suse.com/1081750 https://bugzilla.suse.com/1083507 https://bugzilla.suse.com/1086001 https://bugzilla.suse.com/1088009 
https://bugzilla.suse.com/1094814
https://bugzilla.suse.com/1109663
https://bugzilla.suse.com/1137942
https://bugzilla.suse.com/1138459
https://bugzilla.suse.com/1141853
https://bugzilla.suse.com/1149121
https://bugzilla.suse.com/1149429
https://bugzilla.suse.com/1149792
https://bugzilla.suse.com/1149955
https://bugzilla.suse.com/1151490
https://bugzilla.suse.com/1159035
https://bugzilla.suse.com/1159622
https://bugzilla.suse.com/709442
https://bugzilla.suse.com/951166
https://bugzilla.suse.com/983582

From sle-updates at lists.suse.com Mon Feb 3 10:15:26 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 18:15:26 +0100 (CET)
Subject: SUSE-RU-2020:0303-1: moderate: Recommended update for perl-ldap
Message-ID: <20200203171526.EB5DEF79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for perl-ldap
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0303-1
Rating: moderate
References: #1158918
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for perl-ldap fixes the following issues:

The package is added to the Basesystem module, as it is required by the YAST modules "dhcp-server" and "dns-server". (bsc#1158918)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-303=1

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-303=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

  perl-ldap-0.65-1.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

  perl-Convert-ASN1-0.27-1.3.1

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  perl-ldap-0.65-1.3.1

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):

  perl-Convert-ASN1-0.27-1.3.1

References:

https://bugzilla.suse.com/1158918

From sle-updates at lists.suse.com Mon Feb 3 13:11:08 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 21:11:08 +0100 (CET)
Subject: SUSE-RU-2020:0308-1: moderate: Recommended update for lvm2
Message-ID: <20200203201108.93463F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lvm2
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0308-1
Rating: moderate
References: #1150021 #1155668
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise High Availability 12-SP5
  SUSE Linux Enterprise High Availability 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for lvm2 fixes the following issues:

- Fix LVM Metadata Error: Error writing device at 4096 length 512 (bsc#1150021).
- Fix seeing a 90 Second delay on shutdown and reboot (bsc#1155668).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-308=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:

  zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-308=1

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-308=1

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-308=1

- SUSE Linux Enterprise High Availability 12-SP5:

  zypper in -t patch SUSE-SLE-HA-12-SP5-2020-308=1

- SUSE Linux Enterprise High Availability 12-SP4:

  zypper in -t patch SUSE-SLE-HA-12-SP4-2020-308=1

- SUSE Linux Enterprise Desktop 12-SP4:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-308=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  device-mapper-devel-1.02.149-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1
  lvm2-devel-2.02.180-9.26.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

  device-mapper-devel-1.02.149-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1
  lvm2-devel-2.02.180-9.26.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  device-mapper-1.02.149-9.26.1
  device-mapper-debuginfo-1.02.149-9.26.1
  lvm2-2.02.180-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1

- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

  device-mapper-32bit-1.02.149-9.26.1
  device-mapper-debuginfo-32bit-1.02.149-9.26.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

  device-mapper-1.02.149-9.26.1
  device-mapper-debuginfo-1.02.149-9.26.1
  lvm2-2.02.180-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1

- SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

  device-mapper-32bit-1.02.149-9.26.1
  device-mapper-debuginfo-32bit-1.02.149-9.26.1

- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

  lvm2-clvm-2.02.180-9.26.1
  lvm2-clvm-debuginfo-2.02.180-9.26.1
  lvm2-cmirrord-2.02.180-9.26.1
  lvm2-cmirrord-debuginfo-2.02.180-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1

- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

  lvm2-clvm-2.02.180-9.26.1
  lvm2-clvm-debuginfo-2.02.180-9.26.1
  lvm2-cmirrord-2.02.180-9.26.1
  lvm2-cmirrord-debuginfo-2.02.180-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

  device-mapper-1.02.149-9.26.1
  device-mapper-32bit-1.02.149-9.26.1
  device-mapper-debuginfo-1.02.149-9.26.1
  device-mapper-debuginfo-32bit-1.02.149-9.26.1
  lvm2-2.02.180-9.26.1
  lvm2-debuginfo-2.02.180-9.26.1
  lvm2-debugsource-2.02.180-9.26.1

References:

https://bugzilla.suse.com/1150021
https://bugzilla.suse.com/1155668

From sle-updates at lists.suse.com Mon Feb 3 13:12:09 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 21:12:09 +0100 (CET)
Subject: SUSE-RU-2020:0305-1: moderate: Recommended update for ldb
Message-ID: <20200203201209.AFCB9F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ldb
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0305-1
Rating: moderate
References: #1161417
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ldb fixes the following issue:

- ship the ldb-tools package.
  (bsc#1161417)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-305=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-305=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-305=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-305=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):

  ldb-debugsource-1.1.26-12.2.1
  ldb-tools-1.1.26-12.2.1
  ldb-tools-debuginfo-1.1.26-12.2.1
  libldb1-1.1.26-12.2.1
  libldb1-32bit-1.1.26-12.2.1
  libldb1-debuginfo-1.1.26-12.2.1
  libldb1-debuginfo-32bit-1.1.26-12.2.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

  ldb-debugsource-1.1.26-12.2.1
  ldb-tools-1.1.26-12.2.1
  ldb-tools-debuginfo-1.1.26-12.2.1
  libldb1-1.1.26-12.2.1
  libldb1-debuginfo-1.1.26-12.2.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

  libldb1-32bit-1.1.26-12.2.1
  libldb1-debuginfo-32bit-1.1.26-12.2.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

  ldb-debugsource-1.1.26-12.2.1
  ldb-tools-1.1.26-12.2.1
  ldb-tools-debuginfo-1.1.26-12.2.1
  libldb1-1.1.26-12.2.1
  libldb1-debuginfo-1.1.26-12.2.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):

  libldb1-32bit-1.1.26-12.2.1
  libldb1-debuginfo-32bit-1.1.26-12.2.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

  ldb-debugsource-1.1.26-12.2.1
  ldb-tools-1.1.26-12.2.1
  ldb-tools-debuginfo-1.1.26-12.2.1
  libldb1-1.1.26-12.2.1
  libldb1-32bit-1.1.26-12.2.1
  libldb1-debuginfo-1.1.26-12.2.1
  libldb1-debuginfo-32bit-1.1.26-12.2.1

References:

https://bugzilla.suse.com/1161417

From sle-updates at lists.suse.com Mon Feb 3 13:12:51 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 21:12:51 +0100 (CET)
Subject: SUSE-RU-2020:0304-1: moderate: Recommended update for ldb
Message-ID: <20200203201251.7AB12F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ldb
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0304-1
Rating: moderate
References: #1161417
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Enterprise Storage 5
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ldb fixes the following issue:

- ship the ldb-tools package. (bsc#1161417)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:

  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-304=1

- SUSE OpenStack Cloud 8:

  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-304=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:

  zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-304=1

- SUSE Linux Enterprise Server for SAP 12-SP3:

  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-304=1

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-304=1

- SUSE Linux Enterprise Server 12-SP3-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-304=1

- SUSE Linux Enterprise Server 12-SP3-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-304=1

- SUSE Linux Enterprise Desktop 12-SP4:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-304=1

- SUSE Enterprise Storage 5:

  zypper in -t patch SUSE-Storage-5-2020-304=1

- HPE Helion Openstack 8:

  zypper in -t patch HPE-Helion-OpenStack-8-2020-304=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE OpenStack Cloud 8 (x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

  ldb-debugsource-1.1.29-3.5.1
  libldb-devel-1.1.29-3.5.1
  python-ldb-1.1.29-3.5.1
  python-ldb-debuginfo-1.1.29-3.5.1
  python-ldb-devel-1.1.29-3.5.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1

- SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1

- SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):

  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

  ldb-debugsource-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- SUSE Enterprise Storage 5 (aarch64 x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1

- SUSE Enterprise Storage 5 (x86_64):

  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

- HPE Helion Openstack 8 (x86_64):

  ldb-debugsource-1.1.29-3.5.1
  ldb-tools-1.1.29-3.5.1
  ldb-tools-debuginfo-1.1.29-3.5.1
  libldb1-1.1.29-3.5.1
  libldb1-32bit-1.1.29-3.5.1
  libldb1-debuginfo-1.1.29-3.5.1
  libldb1-debuginfo-32bit-1.1.29-3.5.1

References:

https://bugzilla.suse.com/1161417

From sle-updates at lists.suse.com Mon Feb 3 13:13:34 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 21:13:34 +0100 (CET)
Subject: SUSE-RU-2020:0307-1: moderate: Recommended update for SAPHanaSR
Message-ID:
<20200203201334.D5CC6F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0307-1
Rating: moderate
References: #1155423 #1156067 #1156150 #1157453
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for SAPHanaSR fixes the following issues:

- Restart sapstartsrv service on master nameserver node during monitor action, if needed. But NOT during probes. (bsc#1157453, bsc#1156150)
- The SAPHana resource agent must not down-score a SAP HANA Database site, but keep high scoring during recovery of the master name server. (bsc#1156067)
- Change HAWK2 templates to python3. (bsc#1155423)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP5:

  zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-307=1

- SUSE Linux Enterprise Server for SAP 12-SP4:

  zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-307=1

- SUSE Linux Enterprise Server for SAP 12-SP3:

  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-307=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP5 (noarch):

  SAPHanaSR-0.154.0-3.11.1
  SAPHanaSR-doc-0.154.0-3.11.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

  SAPHanaSR-0.154.0-3.11.1
  SAPHanaSR-doc-0.154.0-3.11.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

  SAPHanaSR-0.154.0-3.11.1
  SAPHanaSR-doc-0.154.0-3.11.1

References:

https://bugzilla.suse.com/1155423
https://bugzilla.suse.com/1156067
https://bugzilla.suse.com/1156150
https://bugzilla.suse.com/1157453

From sle-updates at lists.suse.com Mon Feb 3 13:14:37 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 21:14:37 +0100 (CET)
Subject: SUSE-RU-2020:0309-1: Recommended update for sle_quickstarts
Message-ID: <20200203201437.F3B66F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sle_quickstarts
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0309-1
Rating: low
References: #1153049
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sle_quickstarts fixes the following issues:

* Fix the misspelled word installtion in the package description (bsc#1153049)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-309=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):

  sle_quickstarts-15-10.3.1

References:

https://bugzilla.suse.com/1153049

From sle-updates at lists.suse.com Mon Feb 3 13:15:18 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Feb 2020 21:15:18 +0100 (CET)
Subject: SUSE-RU-2020:0306-1: moderate: Recommended update for SAPHanaSR
Message-ID: <20200203201518.80366F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0306-1
Rating: moderate
References: #1155423 #1156067 #1156150 #1157453
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for SAPHanaSR fixes the following issues:

- Restart sapstartsrv service on master nameserver node during monitor action, if needed. But NOT during probes. (bsc#1157453, bsc#1156150)
- The SAPHana resource agent must not down-score a SAP HANA Database site, but keep high scoring during recovery of the master name server. (bsc#1156067)
- Change HAWK2 templates to python3. (bsc#1155423)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-306=1

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-306=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

  SAPHanaSR-0.154.0-15.2.14.1
  SAPHanaSR-doc-0.154.0-15.2.14.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

  SAPHanaSR-0.154.0-15.2.14.1
  SAPHanaSR-doc-0.154.0-15.2.14.1

References:

https://bugzilla.suse.com/1155423
https://bugzilla.suse.com/1156067
https://bugzilla.suse.com/1156150
https://bugzilla.suse.com/1157453

From sle-updates at lists.suse.com Mon Feb 3 16:11:00 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Feb 2020 00:11:00 +0100 (CET)
Subject: SUSE-SU-2020:0311-1: critical: Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client
Message-ID: <20200203231100.E20FAF798@maintenance.suse.de>

SUSE Security Update: Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0311-1
Rating: critical
References: #1117080 #1160048
Cross-References: CVE-2018-17954 CVE-2019-16770
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client contains the following fixes:

Security fixes for rubygem-crowbar-client:

- CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080)

Changes in crowbar-core:

- Update to version 4.0+git.1578392992.fabfd186c:
  * Avoid nil crash when provisioner attributes are not set (bsc#1160048)
- Update to version 4.0+git.1578294389.acc7385d5:
  * Adding CVE-2019-16770 to the ignore list, regarding SOC-10999.

Changes in crowbar-openstack:

- Update to version 4.0+git.1579171175.d53ab6363:
  * tempest: tempest run filters as templates (SOC-11052)
  * Add tempest filters based on services (SOC-9801)

Changes in openstack-neutron-fwaas:

- Remove the patch that was deleting the tempest entry point and enable tempest tests.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-311=1

Package List:

- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):

  crowbar-core-4.0+git.1578392992.fabfd186c-9.63.1
  crowbar-core-branding-upstream-4.0+git.1578392992.fabfd186c-9.63.1
  ruby2.1-rubygem-crowbar-client-3.9.1-7.17.1

- SUSE OpenStack Cloud 7 (noarch):

  crowbar-openstack-4.0+git.1579171175.d53ab6363-9.68.1
  openstack-neutron-fwaas-9.0.2~dev5-4.6.1
  openstack-neutron-fwaas-doc-9.0.2~dev5-4.6.1
  python-neutron-fwaas-9.0.2~dev5-4.6.1

References:

https://www.suse.com/security/cve/CVE-2018-17954.html
https://www.suse.com/security/cve/CVE-2019-16770.html
https://bugzilla.suse.com/1117080
https://bugzilla.suse.com/1160048

From sle-updates at lists.suse.com Tue Feb 4 07:14:42 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Feb 2020 15:14:42 +0100 (CET)
Subject: SUSE-RU-2020:0312-1: moderate: Recommended update for ldb
Message-ID: <20200204141442.05FAEF798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ldb
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0312-1
Rating: moderate
References: #1161417
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ldb fixes the following issue:

- ship the ldb-tools package. (bsc#1161417)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-312=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-312=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  ldb-debugsource-1.1.24-6.2.1
  ldb-tools-1.1.24-6.2.1
  ldb-tools-debuginfo-1.1.24-6.2.1
  libldb1-1.1.24-6.2.1
  libldb1-32bit-1.1.24-6.2.1
  libldb1-debuginfo-1.1.24-6.2.1
  libldb1-debuginfo-32bit-1.1.24-6.2.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

  ldb-debugsource-1.1.24-6.2.1
  ldb-tools-1.1.24-6.2.1
  ldb-tools-debuginfo-1.1.24-6.2.1
  libldb1-1.1.24-6.2.1
  libldb1-debuginfo-1.1.24-6.2.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

  libldb1-32bit-1.1.24-6.2.1
  libldb1-debuginfo-32bit-1.1.24-6.2.1

References:

https://bugzilla.suse.com/1161417

From sle-updates at lists.suse.com Tue Feb 4 10:11:34 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Feb 2020 18:11:34 +0100 (CET)
Subject: SUSE-RU-2020:0316-1: moderate: Recommended update for python-kiwi
Message-ID: <20200204171134.1DB35F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-kiwi
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0316-1
Rating: moderate
References: #1139915 #1155815 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Development Tools 15
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update for python-kiwi fixes the following issues:

- Update libyui-ncurses-pkg10 to libyui-ncurses-pkg11. In Tumbleweed there is no longer the libyui-ncurses-pkg10; it's been superseded by libyui-ncurses-pkg11.
  (bsc#1159538)
- Fix grub2 configuration for shim fallback setup: if shim fallback setup is enabled, the grub.cfg is copied to the EFI partition. (bsc#1159235, bsc#1155815)
- No swap volume is added on btrfs as the volume manager is not LVM, so swap has its own volume. (bsc#1156908)
- Fixed setup of default grub config, preventing grub2-mkconfig from placing the root device information twice. (bsc#1156908)
- Include 'grub.cfg' inside the efi partition the vfat. (bsc#1157354)
- Fix for kiwi relative path in repository element. (bsc#1157104)
- Fixed 'zipl' bootloader setup for 's390' images. (bsc#1156694)
- Fix the sha256 generated file content in a 'kiwi result bundle' call includes the filename with the correct extension. (bsc#1139915)
- Fixed rpmdb compat link setup removing the hardcoded path '/var/lib/rpm' and use the rpm macro definition instead. (bsc#1150190)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-316=1

- SUSE Linux Enterprise Module for Development Tools 15:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-316=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

  python-kiwi-debugsource-9.19.8-3.27.1

- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

  dracut-kiwi-lib-9.19.8-3.27.1
  dracut-kiwi-live-9.19.8-3.27.1
  dracut-kiwi-oem-dump-9.19.8-3.27.1
  dracut-kiwi-oem-repart-9.19.8-3.27.1
  dracut-kiwi-overlay-9.19.8-3.27.1
  kiwi-man-pages-9.19.8-3.27.1
  kiwi-tools-9.19.8-3.27.1
  kiwi-tools-debuginfo-9.19.8-3.27.1
  python-kiwi-debugsource-9.19.8-3.27.1
  python3-kiwi-9.19.8-3.27.1

- SUSE Linux Enterprise Module for Development Tools 15 (x86_64):

  kiwi-pxeboot-9.19.8-3.27.1

References:

https://bugzilla.suse.com/1139915
https://bugzilla.suse.com/1155815
https://bugzilla.suse.com/1156694
https://bugzilla.suse.com/1156908
https://bugzilla.suse.com/1157104
https://bugzilla.suse.com/1157354
https://bugzilla.suse.com/1159235
https://bugzilla.suse.com/1159538

From sle-updates at lists.suse.com Tue Feb 4 10:13:06 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Feb 2020 18:13:06 +0100 (CET)
Subject: SUSE-RU-2020:0315-1: moderate: Recommended update for yast2-packager
Message-ID: <20200204171306.2BD70F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-packager
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0315-1
Rating: moderate
References: #1157926
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Installer 15-SP1
______________________________________________________________________________

An update
that has one recommended fix can now be installed.

Description:

This update for yast2-packager fixes the following issues:

- Speed up product renames calculation while running a migration test. (bsc#1157926)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-315=1

- SUSE Linux Enterprise Installer 15-SP1:

  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-315=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

  yast2-packager-4.1.50-3.17.5

- SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64):

  yast2-packager-4.1.50-3.17.5

References:

https://bugzilla.suse.com/1157926

From sle-updates at lists.suse.com Tue Feb 4 10:13:47 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Feb 2020 18:13:47 +0100 (CET)
Subject: SUSE-RU-2020:0313-1: moderate: Recommended update for yast2-pkg-bindings
Message-ID: <20200204171347.85191F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-pkg-bindings
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0313-1
Rating: moderate
References: #1132650 #1157202 #1158247 #1159120
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server Installer 12-SP5
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for yast2-pkg-bindings fixes the following issues:

- There was an issue on 1 GB RAM systems, where the installer froze during system role selection (bsc#1132650)
- Fixes an issue with displayed product names (bsc#1157202)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-313=1

- SUSE Linux Enterprise Server Installer 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2020-313=1

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-313=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

  yast2-pkg-bindings-devel-doc-3.2.8-3.3.1

- SUSE Linux Enterprise Server Installer 12-SP5 (aarch64 ppc64le s390x x86_64):

  yast2-pkg-bindings-3.2.8-3.3.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  yast2-pkg-bindings-3.2.8-3.3.1
  yast2-pkg-bindings-debuginfo-3.2.8-3.3.1
  yast2-pkg-bindings-debugsource-3.2.8-3.3.1

References:

https://bugzilla.suse.com/1132650
https://bugzilla.suse.com/1157202
https://bugzilla.suse.com/1158247
https://bugzilla.suse.com/1159120

From sle-updates at lists.suse.com Tue Feb 4 10:14:55 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Feb 2020 18:14:55 +0100 (CET)
Subject: SUSE-SU-2020:0319-1: important: Security update for libqt5-qtbase
Message-ID: <20200204171455.7CB26F798@maintenance.suse.de>

SUSE Security Update: Security update for libqt5-qtbase
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0319-1
Rating: important
References: #1118597 #1130246 #1161167
Cross-References: CVE-2018-19870 CVE-2018-19872 CVE-2020-0569
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE
Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issue: Security issues fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed: - Fixed an issue with rendering animated gifs (QTBUG-55141). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-319=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-319=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libQt5Core5-5.5.1-8.10.1 libQt5Core5-debuginfo-5.5.1-8.10.1 libQt5DBus5-5.5.1-8.10.1 libQt5DBus5-debuginfo-5.5.1-8.10.1 libQt5Gui5-5.5.1-8.10.1 libQt5Gui5-debuginfo-5.5.1-8.10.1 libQt5Network5-5.5.1-8.10.1 libQt5Network5-debuginfo-5.5.1-8.10.1 libQt5Widgets5-5.5.1-8.10.1 libQt5Widgets5-debuginfo-5.5.1-8.10.1 libqt5-qtbase-debugsource-5.5.1-8.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libQt5Core5-5.5.1-8.10.1 libQt5Core5-debuginfo-5.5.1-8.10.1 libQt5DBus5-5.5.1-8.10.1 libQt5DBus5-debuginfo-5.5.1-8.10.1 libQt5Gui5-5.5.1-8.10.1 libQt5Gui5-debuginfo-5.5.1-8.10.1 libQt5Network5-5.5.1-8.10.1 libQt5Network5-debuginfo-5.5.1-8.10.1 libQt5Widgets5-5.5.1-8.10.1 libQt5Widgets5-debuginfo-5.5.1-8.10.1 libqt5-qtbase-debugsource-5.5.1-8.10.1 References: 
https://www.suse.com/security/cve/CVE-2018-19870.html https://www.suse.com/security/cve/CVE-2018-19872.html https://www.suse.com/security/cve/CVE-2020-0569.html https://bugzilla.suse.com/1118597 https://bugzilla.suse.com/1130246 https://bugzilla.suse.com/1161167 From sle-updates at lists.suse.com Tue Feb 4 10:16:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 18:16:43 +0100 (CET) Subject: SUSE-SU-2020:0317-1: important: Security update for libqt5-qtbase Message-ID: <20200204171643.79CCEF79E@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0317-1 Rating: important References: #1118597 #1130246 #1161167 Cross-References: CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 Affected Products: SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-317=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-317=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-317=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-317=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-317=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-317=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-317=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-317=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-317=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-317=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 
libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.22.1 libQt5Concurrent-devel-5.6.2-6.22.1 libQt5Core-devel-5.6.2-6.22.1 libQt5DBus-devel-5.6.2-6.22.1 libQt5DBus-devel-debuginfo-5.6.2-6.22.1 libQt5Gui-devel-5.6.2-6.22.1 libQt5Network-devel-5.6.2-6.22.1 libQt5OpenGL-devel-5.6.2-6.22.1 libQt5OpenGLExtensions-devel-static-5.6.2-6.22.1 libQt5PlatformHeaders-devel-5.6.2-6.22.1 libQt5PlatformSupport-devel-static-5.6.2-6.22.1 libQt5PrintSupport-devel-5.6.2-6.22.1 libQt5Sql-devel-5.6.2-6.22.1 libQt5Test-devel-5.6.2-6.22.1 libQt5Widgets-devel-5.6.2-6.22.1 libQt5Xml-devel-5.6.2-6.22.1 libqt5-qtbase-common-devel-5.6.2-6.22.1 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 libqt5-qtbase-devel-5.6.2-6.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libQt5Core-private-headers-devel-5.6.2-6.22.1 libQt5DBus-private-headers-devel-5.6.2-6.22.1 libQt5Gui-private-headers-devel-5.6.2-6.22.1 libQt5Network-private-headers-devel-5.6.2-6.22.1 libQt5OpenGL-private-headers-devel-5.6.2-6.22.1 libQt5PlatformSupport-private-headers-devel-5.6.2-6.22.1 libQt5PrintSupport-private-headers-devel-5.6.2-6.22.1 libQt5Sql-private-headers-devel-5.6.2-6.22.1 libQt5Test-private-headers-devel-5.6.2-6.22.1 libQt5Widgets-private-headers-devel-5.6.2-6.22.1 libqt5-qtbase-private-headers-devel-5.6.2-6.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.22.1 libQt5Concurrent-devel-5.6.2-6.22.1 libQt5Core-devel-5.6.2-6.22.1 libQt5DBus-devel-5.6.2-6.22.1 libQt5DBus-devel-debuginfo-5.6.2-6.22.1 libQt5Gui-devel-5.6.2-6.22.1 libQt5Network-devel-5.6.2-6.22.1 libQt5OpenGL-devel-5.6.2-6.22.1 libQt5OpenGLExtensions-devel-static-5.6.2-6.22.1 libQt5PlatformHeaders-devel-5.6.2-6.22.1 
libQt5PlatformSupport-devel-static-5.6.2-6.22.1 libQt5PrintSupport-devel-5.6.2-6.22.1 libQt5Sql-devel-5.6.2-6.22.1 libQt5Test-devel-5.6.2-6.22.1 libQt5Widgets-devel-5.6.2-6.22.1 libQt5Xml-devel-5.6.2-6.22.1 libqt5-qtbase-common-devel-5.6.2-6.22.1 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 libqt5-qtbase-devel-5.6.2-6.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): libQt5Core-private-headers-devel-5.6.2-6.22.1 libQt5DBus-private-headers-devel-5.6.2-6.22.1 libQt5Gui-private-headers-devel-5.6.2-6.22.1 libQt5Network-private-headers-devel-5.6.2-6.22.1 libQt5OpenGL-private-headers-devel-5.6.2-6.22.1 libQt5PlatformSupport-private-headers-devel-5.6.2-6.22.1 libQt5PrintSupport-private-headers-devel-5.6.2-6.22.1 libQt5Sql-private-headers-devel-5.6.2-6.22.1 libQt5Test-private-headers-devel-5.6.2-6.22.1 libQt5Widgets-private-headers-devel-5.6.2-6.22.1 libqt5-qtbase-private-headers-devel-5.6.2-6.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 
libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 
libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 
libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 - SUSE Enterprise Storage 5 (x86_64): libQt5Concurrent5-5.6.2-6.22.1 libQt5Concurrent5-debuginfo-5.6.2-6.22.1 libQt5Core5-5.6.2-6.22.1 libQt5Core5-debuginfo-5.6.2-6.22.1 libQt5DBus5-5.6.2-6.22.1 libQt5DBus5-debuginfo-5.6.2-6.22.1 libQt5Gui5-5.6.2-6.22.1 libQt5Gui5-debuginfo-5.6.2-6.22.1 libQt5Network5-5.6.2-6.22.1 libQt5Network5-debuginfo-5.6.2-6.22.1 libQt5OpenGL5-5.6.2-6.22.1 
libQt5OpenGL5-debuginfo-5.6.2-6.22.1 libQt5PrintSupport5-5.6.2-6.22.1 libQt5PrintSupport5-debuginfo-5.6.2-6.22.1 libQt5Sql5-5.6.2-6.22.1 libQt5Sql5-debuginfo-5.6.2-6.22.1 libQt5Sql5-mysql-5.6.2-6.22.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.22.1 libQt5Sql5-postgresql-5.6.2-6.22.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.22.1 libQt5Sql5-sqlite-5.6.2-6.22.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.22.1 libQt5Sql5-unixODBC-5.6.2-6.22.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.22.1 libQt5Test5-5.6.2-6.22.1 libQt5Test5-debuginfo-5.6.2-6.22.1 libQt5Widgets5-5.6.2-6.22.1 libQt5Widgets5-debuginfo-5.6.2-6.22.1 libQt5Xml5-5.6.2-6.22.1 libQt5Xml5-debuginfo-5.6.2-6.22.1 libqt5-qtbase-debugsource-5.6.2-6.22.1 References: https://www.suse.com/security/cve/CVE-2018-19870.html https://www.suse.com/security/cve/CVE-2018-19872.html https://www.suse.com/security/cve/CVE-2020-0569.html https://bugzilla.suse.com/1118597 https://bugzilla.suse.com/1130246 https://bugzilla.suse.com/1161167 From sle-updates at lists.suse.com Tue Feb 4 10:15:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 18:15:54 +0100 (CET) Subject: SUSE-RU-2020:0314-1: moderate: Recommended update for gssproxy Message-ID: <20200204171554.17DE7F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gssproxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0314-1 Rating: moderate References: #1024309 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gssproxy fixes the following issues: - Fix paths in tests and replace python's f-string usage - Initial check-in of gssproxy is needed on the NFS server if krb5 is used for NFS authentication using an AD directory server. (bsc#1024309)(FATE#322526) - 'krb5' may need "auth_to_local = RULE:[1:$1@$0]" on the "realms" section when "winbind" is used for nsswitch.conf. (bsc#1024309)(FATE#322526) Also ding-libs was updated from 0.6.0 to 0.6.1 (jsc#ECO-248): - libini now supports validators that check for well-formed INI files. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-314=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-314=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-314=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libbasicobjects-devel-32bit-0.1.1-3.3.1 libbasicobjects0-32bit-0.1.1-3.3.1 libbasicobjects0-32bit-debuginfo-0.1.1-3.3.1 libcollection-devel-32bit-0.7.0-3.3.1 libcollection4-32bit-0.7.0-3.3.1 libcollection4-32bit-debuginfo-0.7.0-3.3.1 libdhash-devel-32bit-0.5.0-3.3.1 libdhash1-32bit-0.5.0-3.3.1 libdhash1-32bit-debuginfo-0.5.0-3.3.1 libini_config-devel-32bit-1.3.1-3.3.1 libini_config5-32bit-1.3.1-3.3.1 libini_config5-32bit-debuginfo-1.3.1-3.3.1 libpath_utils-devel-32bit-0.2.1-3.3.1 libpath_utils1-32bit-0.2.1-3.3.1 libpath_utils1-32bit-debuginfo-0.2.1-3.3.1 libref_array-devel-32bit-0.1.5-3.3.1 libref_array1-32bit-0.1.5-3.3.1 libref_array1-32bit-debuginfo-0.1.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x 
x86_64): gssproxy-0.8.2-3.3.2 gssproxy-debuginfo-0.8.2-3.3.2 libbasicobjects-devel-0.1.1-3.3.1 libbasicobjects0-0.1.1-3.3.1 libbasicobjects0-debuginfo-0.1.1-3.3.1 libcollection-devel-0.7.0-3.3.1 libcollection4-0.7.0-3.3.1 libcollection4-debuginfo-0.7.0-3.3.1 libdhash-devel-0.5.0-3.3.1 libdhash1-0.5.0-3.3.1 libdhash1-debuginfo-0.5.0-3.3.1 libini_config-devel-1.3.1-3.3.1 libini_config5-1.3.1-3.3.1 libini_config5-debuginfo-1.3.1-3.3.1 libpath_utils-devel-0.2.1-3.3.1 libpath_utils1-0.2.1-3.3.1 libpath_utils1-debuginfo-0.2.1-3.3.1 libref_array-devel-0.1.5-3.3.1 libref_array1-0.1.5-3.3.1 libref_array1-debuginfo-0.1.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libbasicobjects-devel-0.1.1-3.3.1 libbasicobjects0-0.1.1-3.3.1 libbasicobjects0-debuginfo-0.1.1-3.3.1 libcollection-devel-0.7.0-3.3.1 libcollection4-0.7.0-3.3.1 libcollection4-debuginfo-0.7.0-3.3.1 libdhash-devel-0.5.0-3.3.1 libdhash1-0.5.0-3.3.1 libdhash1-debuginfo-0.5.0-3.3.1 libini_config-devel-1.3.1-3.3.1 libini_config5-1.3.1-3.3.1 libini_config5-debuginfo-1.3.1-3.3.1 libpath_utils-devel-0.2.1-3.3.1 libpath_utils1-0.2.1-3.3.1 libpath_utils1-debuginfo-0.2.1-3.3.1 libref_array-devel-0.1.5-3.3.1 libref_array1-0.1.5-3.3.1 libref_array1-debuginfo-0.1.5-3.3.1 References: https://bugzilla.suse.com/1024309 From sle-updates at lists.suse.com Tue Feb 4 10:17:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 18:17:44 +0100 (CET) Subject: SUSE-SU-2020:0318-1: important: Security update for libqt5-qtbase Message-ID: <20200204171744.47489F79E@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0318-1 Rating: important References: #1118597 #1130246 #1161167 Cross-References: CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 
SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed: - Fixed an issue with rendering animated gifs (QTBUG-55141). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-318=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-318=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-318=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-318=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libQt5Concurrent5-5.6.1-17.13.1 libQt5Concurrent5-debuginfo-5.6.1-17.13.1 libQt5Core5-5.6.1-17.13.1 libQt5Core5-debuginfo-5.6.1-17.13.1 libQt5DBus5-5.6.1-17.13.1 libQt5DBus5-debuginfo-5.6.1-17.13.1 libQt5Gui5-5.6.1-17.13.1 libQt5Gui5-debuginfo-5.6.1-17.13.1 libQt5Network5-5.6.1-17.13.1 libQt5Network5-debuginfo-5.6.1-17.13.1 libQt5OpenGL5-5.6.1-17.13.1 libQt5OpenGL5-debuginfo-5.6.1-17.13.1 libQt5PrintSupport5-5.6.1-17.13.1 libQt5PrintSupport5-debuginfo-5.6.1-17.13.1 libQt5Sql5-5.6.1-17.13.1 libQt5Sql5-debuginfo-5.6.1-17.13.1 libQt5Sql5-mysql-5.6.1-17.13.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.13.1
libQt5Sql5-postgresql-5.6.1-17.13.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.13.1 libQt5Sql5-sqlite-5.6.1-17.13.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.13.1 libQt5Sql5-unixODBC-5.6.1-17.13.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.13.1 libQt5Test5-5.6.1-17.13.1 libQt5Test5-debuginfo-5.6.1-17.13.1 libQt5Widgets5-5.6.1-17.13.1 libQt5Widgets5-debuginfo-5.6.1-17.13.1 libQt5Xml5-5.6.1-17.13.1 libQt5Xml5-debuginfo-5.6.1-17.13.1 libqt5-qtbase-debugsource-5.6.1-17.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libQt5Concurrent5-5.6.1-17.13.1 libQt5Concurrent5-debuginfo-5.6.1-17.13.1 libQt5Core5-5.6.1-17.13.1 libQt5Core5-debuginfo-5.6.1-17.13.1 libQt5DBus5-5.6.1-17.13.1 libQt5DBus5-debuginfo-5.6.1-17.13.1 libQt5Gui5-5.6.1-17.13.1 libQt5Gui5-debuginfo-5.6.1-17.13.1 libQt5Network5-5.6.1-17.13.1 libQt5Network5-debuginfo-5.6.1-17.13.1 libQt5OpenGL5-5.6.1-17.13.1 libQt5OpenGL5-debuginfo-5.6.1-17.13.1 libQt5PrintSupport5-5.6.1-17.13.1 libQt5PrintSupport5-debuginfo-5.6.1-17.13.1 libQt5Sql5-5.6.1-17.13.1 libQt5Sql5-debuginfo-5.6.1-17.13.1 libQt5Sql5-mysql-5.6.1-17.13.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.13.1 libQt5Sql5-postgresql-5.6.1-17.13.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.13.1 libQt5Sql5-sqlite-5.6.1-17.13.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.13.1 libQt5Sql5-unixODBC-5.6.1-17.13.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.13.1 libQt5Test5-5.6.1-17.13.1 libQt5Test5-debuginfo-5.6.1-17.13.1 libQt5Widgets5-5.6.1-17.13.1 libQt5Widgets5-debuginfo-5.6.1-17.13.1 libQt5Xml5-5.6.1-17.13.1 libQt5Xml5-debuginfo-5.6.1-17.13.1 libqt5-qtbase-debugsource-5.6.1-17.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libQt5Concurrent5-5.6.1-17.13.1 libQt5Concurrent5-debuginfo-5.6.1-17.13.1 libQt5Core5-5.6.1-17.13.1 libQt5Core5-debuginfo-5.6.1-17.13.1 libQt5DBus5-5.6.1-17.13.1 libQt5DBus5-debuginfo-5.6.1-17.13.1 libQt5Gui5-5.6.1-17.13.1 libQt5Gui5-debuginfo-5.6.1-17.13.1 libQt5Network5-5.6.1-17.13.1 libQt5Network5-debuginfo-5.6.1-17.13.1 
libQt5OpenGL5-5.6.1-17.13.1 libQt5OpenGL5-debuginfo-5.6.1-17.13.1 libQt5PrintSupport5-5.6.1-17.13.1 libQt5PrintSupport5-debuginfo-5.6.1-17.13.1 libQt5Sql5-5.6.1-17.13.1 libQt5Sql5-debuginfo-5.6.1-17.13.1 libQt5Sql5-mysql-5.6.1-17.13.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.13.1 libQt5Sql5-postgresql-5.6.1-17.13.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.13.1 libQt5Sql5-sqlite-5.6.1-17.13.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.13.1 libQt5Sql5-unixODBC-5.6.1-17.13.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.13.1 libQt5Test5-5.6.1-17.13.1 libQt5Test5-debuginfo-5.6.1-17.13.1 libQt5Widgets5-5.6.1-17.13.1 libQt5Widgets5-debuginfo-5.6.1-17.13.1 libQt5Xml5-5.6.1-17.13.1 libQt5Xml5-debuginfo-5.6.1-17.13.1 libqt5-qtbase-debugsource-5.6.1-17.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libQt5Concurrent5-5.6.1-17.13.1 libQt5Concurrent5-debuginfo-5.6.1-17.13.1 libQt5Core5-5.6.1-17.13.1 libQt5Core5-debuginfo-5.6.1-17.13.1 libQt5DBus5-5.6.1-17.13.1 libQt5DBus5-debuginfo-5.6.1-17.13.1 libQt5Gui5-5.6.1-17.13.1 libQt5Gui5-debuginfo-5.6.1-17.13.1 libQt5Network5-5.6.1-17.13.1 libQt5Network5-debuginfo-5.6.1-17.13.1 libQt5OpenGL5-5.6.1-17.13.1 libQt5OpenGL5-debuginfo-5.6.1-17.13.1 libQt5PrintSupport5-5.6.1-17.13.1 libQt5PrintSupport5-debuginfo-5.6.1-17.13.1 libQt5Sql5-5.6.1-17.13.1 libQt5Sql5-debuginfo-5.6.1-17.13.1 libQt5Sql5-mysql-5.6.1-17.13.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.13.1 libQt5Sql5-postgresql-5.6.1-17.13.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.13.1 libQt5Sql5-sqlite-5.6.1-17.13.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.13.1 libQt5Sql5-unixODBC-5.6.1-17.13.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.13.1 libQt5Test5-5.6.1-17.13.1 libQt5Test5-debuginfo-5.6.1-17.13.1 libQt5Widgets5-5.6.1-17.13.1 libQt5Widgets5-debuginfo-5.6.1-17.13.1 libQt5Xml5-5.6.1-17.13.1 libQt5Xml5-debuginfo-5.6.1-17.13.1 libqt5-qtbase-debugsource-5.6.1-17.13.1 References: https://www.suse.com/security/cve/CVE-2018-19870.html https://www.suse.com/security/cve/CVE-2018-19872.html 
https://www.suse.com/security/cve/CVE-2020-0569.html https://bugzilla.suse.com/1118597 https://bugzilla.suse.com/1130246 https://bugzilla.suse.com/1161167 From sle-updates at lists.suse.com Tue Feb 4 11:31:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 19:31:18 +0100 (CET) Subject: SUSE-CU-2020:42-1: Recommended update of ses/6/cephcsi/cephcsi Message-ID: <20200204183118.123A4FC56@maintenance.suse.de> SUSE Container Update Advisory: ses/6/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:42-1 Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.112 , ses/6/cephcsi/cephcsi:latest Container Release : 1.5.112 Severity : moderate Type : recommended References : 1161330 1161793 ----------------------------------------------------------------- The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:298-1 Released: Mon Feb 3 08:42:34 2020 Summary: Recommended update for nfs-ganesha Type: recommended Severity: moderate References: 1161330,1161793 Description: This update for nfs-ganesha fixes the following issues: - Fixes an issue where ganesha doesn't read the rados_url properly (bsc#1161793) - Fixes an issue where the service could not be started on certain systems (bsc#1161330) From sle-updates at lists.suse.com Tue Feb 4 11:33:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 19:33:02 +0100 (CET) Subject: SUSE-CU-2020:43-1: Recommended update of ses/6/ceph/ceph Message-ID: <20200204183302.5E7CFFC56@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:43-1 Container Tags : ses/6/ceph/ceph:14.2.5.382 ,
ses/6/ceph/ceph:14.2.5.382.1.5.110 , ses/6/ceph/ceph:latest Container Release : 1.5.110 Severity : moderate Type : recommended References : 1161330 1161793 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:298-1 Released: Mon Feb 3 08:42:34 2020 Summary: Recommended update for nfs-ganesha Type: recommended Severity: moderate References: 1161330,1161793 Description: This update for nfs-ganesha fixes the following issues: - Fixes an issue where ganesha doesn't read the rados_url properly (bsc#1161793) - Fixes an issue where the service could not be started on certain systems (bsc#1161330) From sle-updates at lists.suse.com Tue Feb 4 11:34:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 19:34:45 +0100 (CET) Subject: SUSE-CU-2020:44-1: Recommended update of ses/6/rook/ceph Message-ID: <20200204183445.B7304FC56@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:44-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.112 , ses/6/rook/ceph:latest Container Release : 1.5.112 Severity : low Type : recommended References : ----------------------------------------------------------------- The container ses/6/rook/ceph was updated.
The following patches have been included in this update: From sle-updates at lists.suse.com Tue Feb 4 11:36:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 19:36:29 +0100 (CET) Subject: SUSE-CU-2020:45-1: Recommended update of ses/6/rook/ceph Message-ID: <20200204183629.321DFF79E@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:45-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.112 , ses/6/rook/ceph:latest Container Release : 1.5.112 Severity : moderate Type : recommended References : 1161330 1161793 ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:298-1 Released: Mon Feb 3 08:42:34 2020 Summary: Recommended update for nfs-ganesha Type: recommended Severity: moderate References: 1161330,1161793 Description: This update for nfs-ganesha fixes the following issues: - Fixes an issue where ganesha doesn't read the rados_url properly (bsc#1161793) - Fixes an issue where the service could not be started on certain systems (bsc#1161330) From sle-updates at lists.suse.com Tue Feb 4 13:11:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Feb 2020 21:11:05 +0100 (CET) Subject: SUSE-SU-2020:0320-1: important: Security update for terraform Message-ID: <20200204201105.7AEE7F798@maintenance.suse.de> SUSE Security Update: Security update for terraform ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0320-1 Rating: important References: #1158440 Cross-References: CVE-2019-19316 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for terraform to version 0.12.19 fixes the following issues: - CVE-2019-19316: Fixed an information leak where SAS token could be transferred in cleartext (bsc#1158440). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-320=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): terraform-0.12.19-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-19316.html https://bugzilla.suse.com/1158440 From sle-updates at lists.suse.com Wed Feb 5 04:11:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 12:11:51 +0100 (CET) Subject: SUSE-RU-2020:0322-1: moderate: Recommended update for terraform-provider-aws, terraform-provider-susepubliccloud Message-ID: <20200205111151.E136FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for terraform-provider-aws, terraform-provider-susepubliccloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0322-1 Rating: moderate References: #1162585 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed.
Description: This update for terraform-provider-aws, terraform-provider-susepubliccloud fixes the following issues: - terraform-provider-susepubliccloud was released in version 0.0.1 (bsc#1162585 jsc#ECO-134) - terraform-provider-aws was released in v2.29.0 (bsc#1162585 jsc#ECO-134) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-322=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): terraform-provider-susepubliccloud-0.0.1-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 s390x x86_64): terraform-provider-aws-2.29.0-3.3.1 References: https://bugzilla.suse.com/1162585 From sle-updates at lists.suse.com Wed Feb 5 04:12:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 12:12:32 +0100 (CET) Subject: SUSE-RU-2020:0321-1: moderate: Recommended update for openscap Message-ID: <20200205111232.973A3F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0321-1 Rating: moderate References: #1160601 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for openscap to version 1.3.1 fixes the following issues: New features: - Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) - Introduced `oscap-podman` -- a tool for SCAP evaluation of Podman images and containers - Tailoring files are included in ARF result files - OVAL details are always shown in HTML report, users do not have to provide `--oval-results` on command line - HTML report displays OVAL test details also for OVAL tests included from other OVAL definitions using `extend_definition` - OVAL test IDs are shown in HTML report - Rule IDs are shown in HTML guide - Added `block_size` in Linux `partition_state` defined in OVAL 5.11.2 - Added `oscap_wrapper` that can be used to comfortably execute custom compiled oscap tool It also contains maintenance and bug fixes, for a complete list please see https://github.com/OpenSCAP/openscap/releases/tag/1.3.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-321=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-321=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenscap_sce25-1.3.1-3.3.1 libopenscap_sce25-debuginfo-1.3.1-3.3.1 openscap-debuginfo-1.3.1-3.3.1 openscap-debugsource-1.3.1-3.3.1 openscap-docker-1.3.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.1-3.3.1 libopenscap25-debuginfo-1.3.1-3.3.1 openscap-1.3.1-3.3.1 openscap-content-1.3.1-3.3.1 openscap-debuginfo-1.3.1-3.3.1 openscap-debugsource-1.3.1-3.3.1 openscap-devel-1.3.1-3.3.1 openscap-utils-1.3.1-3.3.1 openscap-utils-debuginfo-1.3.1-3.3.1 References: https://bugzilla.suse.com/1160601 From sle-updates at lists.suse.com Wed Feb 5 07:11:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 15:11:15 +0100 (CET) Subject: SUSE-RU-2020:0323-1: moderate: Recommended update for openscap Message-ID: <20200205141115.D86F5F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0323-1 Rating: moderate References: #1160601 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for openscap to version 1.3.1 fixes the following issues: New features: - Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) - Introduced `oscap-podman` -- a tool for SCAP evaluation of Podman images and containers - Tailoring files are included in ARF result files - OVAL details are always shown in HTML report, users do not have to provide `--oval-results` on command line - HTML report displays OVAL test details also for OVAL tests included from other OVAL definitions using `extend_definition` - OVAL test IDs are shown in HTML report - Rule IDs are shown in HTML guide - Added `block_size` in Linux `partition_state` defined in OVAL 5.11.2 - Added `oscap_wrapper` that can be used to comfortably execute custom compiled oscap tool It also contains maintenance and bug fixes, for a complete list please see https://github.com/OpenSCAP/openscap/releases/tag/1.3.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-323=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-323=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openscap-debugsource-1.3.1-3.3.1 openscap-devel-1.3.1-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.1-3.3.1 libopenscap25-debuginfo-1.3.1-3.3.1 libopenscap_sce25-1.3.1-3.3.1 libopenscap_sce25-debuginfo-1.3.1-3.3.1 openscap-1.3.1-3.3.1 openscap-content-1.3.1-3.3.1 openscap-debugsource-1.3.1-3.3.1 openscap-utils-1.3.1-3.3.1 openscap-utils-debuginfo-1.3.1-3.3.1 References: https://bugzilla.suse.com/1160601 From sle-updates at lists.suse.com Wed Feb 5 07:12:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 15:12:27 +0100 (CET) Subject: SUSE-SU-2020:0324-1: important: Security update for python-reportlab Message-ID: <20200205141227.F2695F798@maintenance.suse.de> SUSE Security Update: Security update for python-reportlab ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0324-1 Rating: important References: #1154370 Cross-References: CVE-2019-17626 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-reportlab fixes the following issues: - CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor() (bsc#1154370). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-324=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-324=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-reportlab-2.7-3.3.1 python-reportlab-debuginfo-2.7-3.3.1 python-reportlab-debugsource-2.7-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-reportlab-2.7-3.3.1 python-reportlab-debuginfo-2.7-3.3.1 python-reportlab-debugsource-2.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-17626.html https://bugzilla.suse.com/1154370 From sle-updates at lists.suse.com Wed Feb 5 10:13:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 18:13:10 +0100 (CET) Subject: SUSE-RU-2020:0327-1: moderate: Recommended update for policycoreutils Message-ID: <20200205171310.1CC92F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for policycoreutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0327-1 Rating: moderate References: #1159262 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for policycoreutils fixes the following issues: - Prevent joining non-existing categories (bsc#1159262). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-327=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-327=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): policycoreutils-debuginfo-2.8-11.3.1 policycoreutils-debugsource-2.8-11.3.1 policycoreutils-devel-2.8-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): policycoreutils-2.8-11.3.1 policycoreutils-debuginfo-2.8-11.3.1 policycoreutils-debugsource-2.8-11.3.1 policycoreutils-newrole-2.8-11.3.1 policycoreutils-newrole-debuginfo-2.8-11.3.1 python3-policycoreutils-2.8-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): policycoreutils-lang-2.8-11.3.1 References: https://bugzilla.suse.com/1159262 From sle-updates at lists.suse.com Wed Feb 5 10:13:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 18:13:51 +0100 (CET) Subject: SUSE-RU-2020:0328-1: moderate: Recommended update for kdump Message-ID: <20200205171351.60F56F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0328-1 Rating: moderate References: #1021846 #1094444 #1101149 #1102252 #1108919 #1116463 #1117652 #1125011 #1130529 #1133407 #1141064 #1155921 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Update OpenQA test values for 'calibrate'. 
(bsc#1130529) - Prefer by-path and device-mapper aliases over kernel device names. (bsc#1101149, LTC#168532) - Do not reload on powerpc CPU hot removal. (bsc#1133407, LTC#176111) - Add ":force" option to KDUMP_NETCONFIG configuring 'fence_kdump'. (bsc#1108919) - Add 'fence_kdump_send' when fence-agents installed. (bsc#1108919) - Use a variable for path of 'fence_kdump_send' and remove the unnecessary PRESCRIPT check. (bsc#1108919) - Document kdump behaviour for fence_kdump_send. (bsc#1108919) - Improve the handling of NSS and prevent rebooting specific hardware in case of kdump kernel loading. (bsc#1021846) - Skip kdump-related mounts if there is no /proc/vmcore. (bsc#1102252, bsc#1125011) - Check whether kdump mount points are cleaned up. (bsc#1102252, bsc#1125011) - Clean up the use of current vs. boot network interface names. (bsc#1094444, bsc#1116463, bsc#1141064) - Use a custom namespace for physical NICs. (bsc#1094444, bsc#1116463, bsc#1141064) - Preserve white space when removing kernel command line options. (bsc#1117652) - Add a shortcut the build queues by allowing usage of systemd-mini. (bsc#1155921) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-328=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kdump-0.9.0-4.3.1 kdump-debuginfo-0.9.0-4.3.1 kdump-debugsource-0.9.0-4.3.1 References: https://bugzilla.suse.com/1021846 https://bugzilla.suse.com/1094444 https://bugzilla.suse.com/1101149 https://bugzilla.suse.com/1102252 https://bugzilla.suse.com/1108919 https://bugzilla.suse.com/1116463 https://bugzilla.suse.com/1117652 https://bugzilla.suse.com/1125011 https://bugzilla.suse.com/1130529 https://bugzilla.suse.com/1133407 https://bugzilla.suse.com/1141064 https://bugzilla.suse.com/1155921 From sle-updates at lists.suse.com Wed Feb 5 10:16:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 18:16:04 +0100 (CET) Subject: SUSE-RU-2020:0325-1: moderate: Recommended update for dmidecode Message-ID: <20200205171604.79B2FF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0325-1 Rating: moderate References: #1153533 #1158833 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dmidecode fixes the following issues: - Add enumerated values from SMBIOS 3.3.0 preventing incorrect report of new VGA card. (bsc#1153533, bsc#1158833, jsc#SLE-10875) - Only scan '/dev/mem' for entry point on x86 (fixes reboot on ARM64). - Fix formatting of TPM table output (missing newlines). - Fix displaying system slot information for PCIe SSD. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-325=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 x86_64): dmidecode-3.2-9.3.2 dmidecode-debuginfo-3.2-9.3.2 dmidecode-debugsource-3.2-9.3.2 References: https://bugzilla.suse.com/1153533 https://bugzilla.suse.com/1158833 From sle-updates at lists.suse.com Wed Feb 5 10:16:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 18:16:52 +0100 (CET) Subject: SUSE-RU-2020:0326-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20200205171652.82535F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0326-1 Rating: moderate References: #1154533 #1158664 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Properly handle IPv6 addresses in URLs - Fix crash with a stack trace if no current_smt is present (bsc#1158664). - Support repositories with different credentials files (bsc#1154533). - Add --clean option and --help - Add man page Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-326=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.0.8-52.27.1 cloud-regionsrv-client-generic-config-1.0.0-52.27.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.27.1 cloud-regionsrv-client-plugin-ec2-1.0.0-52.27.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.27.1 References: https://bugzilla.suse.com/1154533 https://bugzilla.suse.com/1158664 From sle-updates at lists.suse.com Wed Feb 5 13:11:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Feb 2020 21:11:19 +0100 (CET) Subject: SUSE-RU-2020:0330-1: moderate: Recommended update for yast2-firstboot Message-ID: <20200205201119.89B41F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0330-1 Rating: moderate References: #1094307 #1123091 #1134501 #1143106 #1154708 #1156905 #1159157 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for yast2-firstboot fixes the following issues: yast2-firstboot received the following fixes: - Improve the "firstboot_licenses" client to give precedence to the directory argument, allowing to use it multiple times to show different licenses (bsc#1154708). - Add firstboot.rnc to the desktop file (bsc#1156905). - Remove the references to the already dropped automatic configuration feature (FATE#314695). autoyast received the following fixes: - Fixed conflicting items in rule dialogs (bsc#1123091). - Semi-automatic with partition: Do not use the common AY partition workflow (bsc#1134501). 
- Do not reset Base-Product during registration. Do not call registration in the second installation stage again. (bsc#1143106). - Fix profile validation for scripts elements (bsc#1156905). - UI: Report XML parsing errors instead of just crashing (bsc#1159157). yast2-schema received the following fixes: - Fix 'firstboot' and 'scripts' elements validation (bsc#1156905). - Add create_subvolumes element (bsc#1094307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-330=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-schema-4.0.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): autoyast2-4.0.70-3.20.1 autoyast2-installation-4.0.70-3.20.1 yast2-firstboot-4.0.10-3.14.1 References: https://bugzilla.suse.com/1094307 https://bugzilla.suse.com/1123091 https://bugzilla.suse.com/1134501 https://bugzilla.suse.com/1143106 https://bugzilla.suse.com/1154708 https://bugzilla.suse.com/1156905 https://bugzilla.suse.com/1159157 From sle-updates at lists.suse.com Wed Feb 5 19:11:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 03:11:13 +0100 (CET) Subject: SUSE-SU-2020:0331-1: important: Security update for systemd Message-ID: <20200206021113.9BCDEF798@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0331-1 Rating: important References: #1106383 #1133495 #1139459 #1151377 #1151506 #1154043 #1155574 #1156482 #1159814 #1162108 Cross-References: CVE-2020-1712 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise 
Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix to prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd to prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-331=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-331=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-331=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-331=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-331=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-331=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-331=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-331=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-331=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-331=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-331=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-331=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-331=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-331=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsystemd0-228-150.82.1 libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): systemd-bash-completion-228-150.82.1 - SUSE OpenStack Cloud 8 (x86_64): libsystemd0-228-150.82.1 libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE OpenStack Cloud 8 (noarch): systemd-bash-completion-228-150.82.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libsystemd0-228-150.82.1 libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev-devel-228-150.82.1 libudev1-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE OpenStack Cloud 7 (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): 
libudev-devel-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-devel-228-150.82.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsystemd0-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libudev1-228-150.82.1 libudev1-debuginfo-228-150.82.1 systemd-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsystemd0-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libudev-devel-228-150.82.1 libudev1-228-150.82.1 libudev1-debuginfo-228-150.82.1 systemd-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libudev1-228-150.82.1 libudev1-debuginfo-228-150.82.1 systemd-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 
libudev1-32bit-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libudev1-228-150.82.1 libudev1-debuginfo-228-150.82.1 systemd-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsystemd0-228-150.82.1 libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsystemd0-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libudev-devel-228-150.82.1 libudev1-228-150.82.1 libudev1-debuginfo-228-150.82.1 systemd-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsystemd0-32bit-228-150.82.1 
libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.82.1 libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.82.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.82.1 libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 systemd-228-150.82.1 systemd-32bit-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debuginfo-32bit-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libsystemd0-228-150.82.1 libsystemd0-debuginfo-228-150.82.1 libudev1-228-150.82.1 libudev1-debuginfo-228-150.82.1 systemd-228-150.82.1 systemd-debuginfo-228-150.82.1 systemd-debugsource-228-150.82.1 systemd-sysvinit-228-150.82.1 udev-228-150.82.1 udev-debuginfo-228-150.82.1 - SUSE Enterprise Storage 5 (x86_64): libsystemd0-32bit-228-150.82.1 libsystemd0-debuginfo-32bit-228-150.82.1 libudev1-32bit-228-150.82.1 libudev1-debuginfo-32bit-228-150.82.1 
    systemd-32bit-228-150.82.1
    systemd-debuginfo-32bit-228-150.82.1

- SUSE Enterprise Storage 5 (noarch):
    systemd-bash-completion-228-150.82.1

- SUSE CaaS Platform 3.0 (x86_64):
    libsystemd0-228-150.82.1
    libsystemd0-debuginfo-228-150.82.1
    libudev1-228-150.82.1
    libudev1-debuginfo-228-150.82.1
    systemd-228-150.82.1
    systemd-debuginfo-228-150.82.1
    systemd-debugsource-228-150.82.1
    systemd-sysvinit-228-150.82.1
    udev-228-150.82.1
    udev-debuginfo-228-150.82.1

- HPE Helion Openstack 8 (noarch):
    systemd-bash-completion-228-150.82.1

- HPE Helion Openstack 8 (x86_64):
    libsystemd0-228-150.82.1
    libsystemd0-32bit-228-150.82.1
    libsystemd0-debuginfo-228-150.82.1
    libsystemd0-debuginfo-32bit-228-150.82.1
    libudev1-228-150.82.1
    libudev1-32bit-228-150.82.1
    libudev1-debuginfo-228-150.82.1
    libudev1-debuginfo-32bit-228-150.82.1
    systemd-228-150.82.1
    systemd-32bit-228-150.82.1
    systemd-debuginfo-228-150.82.1
    systemd-debuginfo-32bit-228-150.82.1
    systemd-debugsource-228-150.82.1
    systemd-sysvinit-228-150.82.1
    udev-228-150.82.1
    udev-debuginfo-228-150.82.1

References:

    https://www.suse.com/security/cve/CVE-2020-1712.html
    https://bugzilla.suse.com/1106383
    https://bugzilla.suse.com/1133495
    https://bugzilla.suse.com/1139459
    https://bugzilla.suse.com/1151377
    https://bugzilla.suse.com/1151506
    https://bugzilla.suse.com/1154043
    https://bugzilla.suse.com/1155574
    https://bugzilla.suse.com/1156482
    https://bugzilla.suse.com/1159814
    https://bugzilla.suse.com/1162108

From sle-updates at lists.suse.com Thu Feb 6 03:31:19 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 11:31:19 +0100 (CET)
Subject: SUSE-CU-2020:46-1: Security update of suse/sles12sp4
Message-ID: <20200206103119.16AB8F796@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:46-1
Container Tags : suse/sles12sp4:26.132 , suse/sles12sp4:latest
Container Release : 26.132
Severity : important
Type : security
References : 1106383 1133495 1139459 1151377 1151506 1154043 1155574 1156482 1159814 1162108 CVE-2020-1712
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:331-1
Released: Wed Feb 5 21:34:11 2020
Summary: Security update for systemd
Type: security
Severity: important
References: 1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712
Description:

This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages.
  A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- Unconfirmed fix to prevent hanging of systemctl during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix for system-udevd to prevent crash within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

From sle-updates at lists.suse.com Thu Feb 6 03:35:38 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 11:35:38 +0100 (CET)
Subject: SUSE-CU-2020:47-1: Security update of suse/sles12sp3
Message-ID: <20200206103538.C81FDF796@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:47-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.106 , suse/sles12sp3:latest
Container Release : 24.106
Severity : important
Type : security
References : 1106383 1133495 1139459 1151377 1151506 1154043 1155574 1156482 1159814 1162108 CVE-2020-1712
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:331-1
Released: Wed Feb 5 21:34:11 2020
Summary: Security update for systemd
Type: security
Severity: important
References: 1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712
Description:

This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages.
  A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- Unconfirmed fix to prevent hanging of systemctl during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix for system-udevd to prevent crash within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

From sle-updates at lists.suse.com Thu Feb 6 04:11:14 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 12:11:14 +0100 (CET)
Subject: SUSE-RU-2020:0333-1: moderate: Recommended update for perl-DBI
Message-ID: <20200206111114.6BAE2F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for perl-DBI
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0333-1
Rating: moderate
References: #1160510
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for perl-DBI fixes the following issues:

- Fix invalid utf-8 encoding in Changelogtext, which caused "zypper search" to not find the package. (bsc#1160510)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-333=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    perl-DBI-1.639-3.5.1
    perl-DBI-debuginfo-1.639-3.5.1
    perl-DBI-debugsource-1.639-3.5.1

References:

    https://bugzilla.suse.com/1160510

From sle-updates at lists.suse.com Thu Feb 6 04:11:57 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 12:11:57 +0100 (CET)
Subject: SUSE-RU-2020:0332-1: moderate: Recommended update for rsyslog
Message-ID: <20200206111157.9A4C1F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rsyslog
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0332-1
Rating: moderate
References: #1156499
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Desktop 12-SP4
    SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for rsyslog fixes the following issues:

- Fix for a segfault that occurred in libc during some QA tests. (bsc#1156499)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-332=1

- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-332=1

- SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-332=1

- SUSE CaaS Platform 3.0:
    To install this update, use the SUSE CaaS Platform Velum dashboard.
    It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    rsyslog-8.24.0-3.39.1
    rsyslog-debuginfo-8.24.0-3.39.1
    rsyslog-debugsource-8.24.0-3.39.1
    rsyslog-diag-tools-8.24.0-3.39.1
    rsyslog-diag-tools-debuginfo-8.24.0-3.39.1
    rsyslog-doc-8.24.0-3.39.1
    rsyslog-module-gssapi-8.24.0-3.39.1
    rsyslog-module-gssapi-debuginfo-8.24.0-3.39.1
    rsyslog-module-gtls-8.24.0-3.39.1
    rsyslog-module-gtls-debuginfo-8.24.0-3.39.1
    rsyslog-module-mmnormalize-8.24.0-3.39.1
    rsyslog-module-mmnormalize-debuginfo-8.24.0-3.39.1
    rsyslog-module-mysql-8.24.0-3.39.1
    rsyslog-module-mysql-debuginfo-8.24.0-3.39.1
    rsyslog-module-pgsql-8.24.0-3.39.1
    rsyslog-module-pgsql-debuginfo-8.24.0-3.39.1
    rsyslog-module-relp-8.24.0-3.39.1
    rsyslog-module-relp-debuginfo-8.24.0-3.39.1
    rsyslog-module-snmp-8.24.0-3.39.1
    rsyslog-module-snmp-debuginfo-8.24.0-3.39.1
    rsyslog-module-udpspoof-8.24.0-3.39.1
    rsyslog-module-udpspoof-debuginfo-8.24.0-3.39.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    rsyslog-8.24.0-3.39.1
    rsyslog-debuginfo-8.24.0-3.39.1
    rsyslog-debugsource-8.24.0-3.39.1
    rsyslog-diag-tools-8.24.0-3.39.1
    rsyslog-diag-tools-debuginfo-8.24.0-3.39.1
    rsyslog-doc-8.24.0-3.39.1
    rsyslog-module-gssapi-8.24.0-3.39.1
    rsyslog-module-gssapi-debuginfo-8.24.0-3.39.1
    rsyslog-module-gtls-8.24.0-3.39.1
    rsyslog-module-gtls-debuginfo-8.24.0-3.39.1
    rsyslog-module-mmnormalize-8.24.0-3.39.1
    rsyslog-module-mmnormalize-debuginfo-8.24.0-3.39.1
    rsyslog-module-mysql-8.24.0-3.39.1
    rsyslog-module-mysql-debuginfo-8.24.0-3.39.1
    rsyslog-module-pgsql-8.24.0-3.39.1
    rsyslog-module-pgsql-debuginfo-8.24.0-3.39.1
    rsyslog-module-relp-8.24.0-3.39.1
    rsyslog-module-relp-debuginfo-8.24.0-3.39.1
    rsyslog-module-snmp-8.24.0-3.39.1
    rsyslog-module-snmp-debuginfo-8.24.0-3.39.1
    rsyslog-module-udpspoof-8.24.0-3.39.1
    rsyslog-module-udpspoof-debuginfo-8.24.0-3.39.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
    rsyslog-8.24.0-3.39.1
    rsyslog-debuginfo-8.24.0-3.39.1
    rsyslog-debugsource-8.24.0-3.39.1

- SUSE CaaS Platform 3.0 (x86_64):
    rsyslog-8.24.0-3.39.1
    rsyslog-debuginfo-8.24.0-3.39.1
    rsyslog-debugsource-8.24.0-3.39.1
    rsyslog-module-mmnormalize-8.24.0-3.39.1
    rsyslog-module-mmnormalize-debuginfo-8.24.0-3.39.1

References:

    https://bugzilla.suse.com/1156499

From sle-updates at lists.suse.com Thu Feb 6 07:11:42 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 15:11:42 +0100 (CET)
Subject: SUSE-SU-2020:0335-1: important: Security update for systemd
Message-ID: <20200206141142.BD5B7F798@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0335-1
Rating: important
References: #1084671 #1092920 #1106383 #1133495 #1151377 #1154256 #1155207 #1155574 #1156213 #1156482 #1158485 #1159814 #1161436 #1162108
Cross-References: CVE-2019-20386 CVE-2020-1712
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Basesystem 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves two vulnerabilities and has 12 fixes is now available.

Description:

This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages.
  A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)
- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
- bus_open leak sd_event_source when udevadm trigger (bsc#1161436 CVE-2019-20386)
- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)
- fileio: initialize errno to zero before we do fread()
- fileio: try to read one byte too much in read_full_stream()
- logind: consider "greeter" sessions suitable as "display" sessions of a user (bsc#1158485)
- logind: never elect a session that is stopping as display
- journal: include kmsg lines from the systemd process which exec()d us (#8078)
- udevd: don't use monitor after manager_exit()
- udevd: capitalize log messages in on_sigchld()
- udevd: merge conditions to decrease indentation
- Revert "udevd: fix crash when workers time out after exit is signal caught"
- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)
- udevd: fix crash when workers time out after exit is signal caught
- udevd: wait for workers to finish when exiting (bsc#1106383)
- Improve bash completion support (bsc#1155207)
  * shell-completion: systemctl: do not list template units in {re,}start
  * shell-completion: systemctl: pass current word to all list_unit*
  * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)
  * bash-completion: systemctl: use systemctl --no-pager
  * bash-completion: also suggest template unit files
  * bash-completion: systemctl: add missing options and verbs
  * bash-completion: use the first argument instead of the global variable (#6457)
- networkd: VXLan Make group and remote variable separate (bsc#1156213)
- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)
- fs-util: let's avoid unnecessary strerror()
- fs-util: introduce inotify_add_watch_and_warn() helper
- ask-password: improve log message when inotify limit is reached (bsc#1155574)
- shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)
- man: alias names can't be used with enable command (bsc#1151377)
- Add boot option to not use swap at system start (jsc#SLE-7689)
- Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-335=1

- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-335=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-335=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-335=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-335=1

- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-335=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-335=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-335=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    libsystemd0-234-24.39.1
    libsystemd0-debuginfo-234-24.39.1
    libudev-devel-234-24.39.1
    libudev1-234-24.39.1
    libudev1-debuginfo-234-24.39.1
    systemd-234-24.39.1
    systemd-container-234-24.39.1
    systemd-container-debuginfo-234-24.39.1
    systemd-coredump-234-24.39.1
    systemd-coredump-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-devel-234-24.39.1
    systemd-sysvinit-234-24.39.1
    udev-234-24.39.1
    udev-debuginfo-234-24.39.1

- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    libsystemd0-32bit-234-24.39.1
    libsystemd0-32bit-debuginfo-234-24.39.1
    libudev1-32bit-234-24.39.1
    libudev1-32bit-debuginfo-234-24.39.1
    systemd-32bit-234-24.39.1
    systemd-32bit-debuginfo-234-24.39.1

- SUSE Linux Enterprise Server for SAP 15 (noarch):
    systemd-bash-completion-234-24.39.1

- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    libsystemd0-234-24.39.1
    libsystemd0-debuginfo-234-24.39.1
    libudev-devel-234-24.39.1
    libudev1-234-24.39.1
    libudev1-debuginfo-234-24.39.1
    systemd-234-24.39.1
    systemd-container-234-24.39.1
    systemd-container-debuginfo-234-24.39.1
    systemd-coredump-234-24.39.1
    systemd-coredump-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-devel-234-24.39.1
    systemd-sysvinit-234-24.39.1
    udev-234-24.39.1
    udev-debuginfo-234-24.39.1

- SUSE Linux Enterprise Server 15-LTSS (noarch):
    systemd-bash-completion-234-24.39.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    libsystemd0-mini-234-24.39.1
    libsystemd0-mini-debuginfo-234-24.39.1
    libudev-mini-devel-234-24.39.1
    libudev-mini1-234-24.39.1
    libudev-mini1-debuginfo-234-24.39.1
    nss-myhostname-234-24.39.1
    nss-myhostname-debuginfo-234-24.39.1
    nss-mymachines-234-24.39.1
    nss-mymachines-debuginfo-234-24.39.1
    nss-systemd-234-24.39.1
    nss-systemd-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-logger-234-24.39.1
    systemd-mini-234-24.39.1
    systemd-mini-container-mini-234-24.39.1
    systemd-mini-container-mini-debuginfo-234-24.39.1
    systemd-mini-coredump-mini-234-24.39.1
    systemd-mini-coredump-mini-debuginfo-234-24.39.1
    systemd-mini-debuginfo-234-24.39.1
    systemd-mini-debugsource-234-24.39.1
    systemd-mini-devel-234-24.39.1
    systemd-mini-sysvinit-234-24.39.1
    udev-mini-234-24.39.1
    udev-mini-debuginfo-234-24.39.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    libudev-devel-32bit-234-24.39.1
    nss-myhostname-32bit-234-24.39.1
    nss-myhostname-32bit-debuginfo-234-24.39.1
    nss-mymachines-32bit-234-24.39.1
    nss-mymachines-32bit-debuginfo-234-24.39.1
    systemd-32bit-debuginfo-234-24.39.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
    systemd-mini-bash-completion-234-24.39.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    libsystemd0-mini-234-24.39.1
    libsystemd0-mini-debuginfo-234-24.39.1
    libudev-mini-devel-234-24.39.1
    libudev-mini1-234-24.39.1
    libudev-mini1-debuginfo-234-24.39.1
    nss-myhostname-234-24.39.1
    nss-myhostname-debuginfo-234-24.39.1
    nss-mymachines-234-24.39.1
    nss-mymachines-debuginfo-234-24.39.1
    nss-systemd-234-24.39.1
    nss-systemd-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-logger-234-24.39.1
    systemd-mini-234-24.39.1
    systemd-mini-container-mini-234-24.39.1
    systemd-mini-container-mini-debuginfo-234-24.39.1
    systemd-mini-coredump-mini-234-24.39.1
    systemd-mini-coredump-mini-debuginfo-234-24.39.1
    systemd-mini-debuginfo-234-24.39.1
    systemd-mini-debugsource-234-24.39.1
    systemd-mini-devel-234-24.39.1
    systemd-mini-sysvinit-234-24.39.1
    udev-mini-234-24.39.1
    udev-mini-debuginfo-234-24.39.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
    systemd-mini-bash-completion-234-24.39.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    libsystemd0-234-24.39.1
    libsystemd0-debuginfo-234-24.39.1
    libudev-devel-234-24.39.1
    libudev1-234-24.39.1
    libudev1-debuginfo-234-24.39.1
    systemd-234-24.39.1
    systemd-container-234-24.39.1
    systemd-container-debuginfo-234-24.39.1
    systemd-coredump-234-24.39.1
    systemd-coredump-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-devel-234-24.39.1
    systemd-sysvinit-234-24.39.1
    udev-234-24.39.1
    udev-debuginfo-234-24.39.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
    libsystemd0-32bit-234-24.39.1
    libsystemd0-32bit-debuginfo-234-24.39.1
    libudev1-32bit-234-24.39.1
    libudev1-32bit-debuginfo-234-24.39.1
    systemd-32bit-234-24.39.1
    systemd-32bit-debuginfo-234-24.39.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    systemd-bash-completion-234-24.39.1

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    libsystemd0-234-24.39.1
    libsystemd0-debuginfo-234-24.39.1
    libudev-devel-234-24.39.1
    libudev1-234-24.39.1
    libudev1-debuginfo-234-24.39.1
    systemd-234-24.39.1
    systemd-container-234-24.39.1
    systemd-container-debuginfo-234-24.39.1
    systemd-coredump-234-24.39.1
    systemd-coredump-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-devel-234-24.39.1
    systemd-sysvinit-234-24.39.1
    udev-234-24.39.1
    udev-debuginfo-234-24.39.1

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    systemd-bash-completion-234-24.39.1

- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
    libsystemd0-32bit-234-24.39.1
    libsystemd0-32bit-debuginfo-234-24.39.1
    libudev1-32bit-234-24.39.1
    libudev1-32bit-debuginfo-234-24.39.1
    systemd-32bit-234-24.39.1
    systemd-32bit-debuginfo-234-24.39.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    libsystemd0-234-24.39.1
    libsystemd0-debuginfo-234-24.39.1
    libudev-devel-234-24.39.1
    libudev1-234-24.39.1
    libudev1-debuginfo-234-24.39.1
    systemd-234-24.39.1
    systemd-container-234-24.39.1
    systemd-container-debuginfo-234-24.39.1
    systemd-coredump-234-24.39.1
    systemd-coredump-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-devel-234-24.39.1
    systemd-sysvinit-234-24.39.1
    udev-234-24.39.1
    udev-debuginfo-234-24.39.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    systemd-bash-completion-234-24.39.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    libsystemd0-32bit-234-24.39.1
    libsystemd0-32bit-debuginfo-234-24.39.1
    libudev1-32bit-234-24.39.1
    libudev1-32bit-debuginfo-234-24.39.1
    systemd-32bit-234-24.39.1
    systemd-32bit-debuginfo-234-24.39.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    libsystemd0-234-24.39.1
    libsystemd0-debuginfo-234-24.39.1
    libudev-devel-234-24.39.1
    libudev1-234-24.39.1
    libudev1-debuginfo-234-24.39.1
    systemd-234-24.39.1
    systemd-container-234-24.39.1
    systemd-container-debuginfo-234-24.39.1
    systemd-coredump-234-24.39.1
    systemd-coredump-debuginfo-234-24.39.1
    systemd-debuginfo-234-24.39.1
    systemd-debugsource-234-24.39.1
    systemd-devel-234-24.39.1
    systemd-sysvinit-234-24.39.1
    udev-234-24.39.1
    udev-debuginfo-234-24.39.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    systemd-bash-completion-234-24.39.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    libsystemd0-32bit-234-24.39.1
    libsystemd0-32bit-debuginfo-234-24.39.1
    libudev1-32bit-234-24.39.1
    libudev1-32bit-debuginfo-234-24.39.1
    systemd-32bit-234-24.39.1
    systemd-32bit-debuginfo-234-24.39.1

References:

    https://www.suse.com/security/cve/CVE-2019-20386.html
    https://www.suse.com/security/cve/CVE-2020-1712.html
    https://bugzilla.suse.com/1084671
    https://bugzilla.suse.com/1092920
    https://bugzilla.suse.com/1106383
    https://bugzilla.suse.com/1133495
    https://bugzilla.suse.com/1151377
    https://bugzilla.suse.com/1154256
    https://bugzilla.suse.com/1155207
    https://bugzilla.suse.com/1155574
    https://bugzilla.suse.com/1156213
    https://bugzilla.suse.com/1156482
    https://bugzilla.suse.com/1158485
    https://bugzilla.suse.com/1159814
    https://bugzilla.suse.com/1161436
    https://bugzilla.suse.com/1162108

From sle-updates at lists.suse.com Thu Feb 6 07:14:05 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 15:14:05 +0100 (CET)
Subject: SUSE-SU-2020:0334-1: important: Security update for xen
Message-ID: <20200206141405.41FC3F798@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0334-1
Rating: important
References: #1152497 #1154448 #1154456 #1154458 #1154461 #1155945 #1157888 #1158003 #1158004 #1158005 #1158006 #1158007 #1161181
Cross-References: CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181).
- CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888).
- CVE-2019-19581: find_next_bit() issues (bsc#1158003).
- CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004).
- CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).
- CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006).
- CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).
- CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).
- CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456).
- CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458).
- CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461).
- CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945).
- CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-334=1

- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-334=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-334=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-334=1

Package List:

- SUSE OpenStack Cloud 7 (x86_64):
    xen-4.7.6_06-43.59.1
    xen-debugsource-4.7.6_06-43.59.1
    xen-doc-html-4.7.6_06-43.59.1
    xen-libs-32bit-4.7.6_06-43.59.1
    xen-libs-4.7.6_06-43.59.1
    xen-libs-debuginfo-32bit-4.7.6_06-43.59.1
    xen-libs-debuginfo-4.7.6_06-43.59.1
    xen-tools-4.7.6_06-43.59.1
    xen-tools-debuginfo-4.7.6_06-43.59.1
    xen-tools-domU-4.7.6_06-43.59.1
    xen-tools-domU-debuginfo-4.7.6_06-43.59.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
    xen-4.7.6_06-43.59.1
    xen-debugsource-4.7.6_06-43.59.1
    xen-doc-html-4.7.6_06-43.59.1
    xen-libs-32bit-4.7.6_06-43.59.1
    xen-libs-4.7.6_06-43.59.1
    xen-libs-debuginfo-32bit-4.7.6_06-43.59.1
    xen-libs-debuginfo-4.7.6_06-43.59.1
    xen-tools-4.7.6_06-43.59.1
    xen-tools-debuginfo-4.7.6_06-43.59.1
    xen-tools-domU-4.7.6_06-43.59.1
    xen-tools-domU-debuginfo-4.7.6_06-43.59.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
    xen-4.7.6_06-43.59.1
    xen-debugsource-4.7.6_06-43.59.1
    xen-doc-html-4.7.6_06-43.59.1
    xen-libs-32bit-4.7.6_06-43.59.1
    xen-libs-4.7.6_06-43.59.1
    xen-libs-debuginfo-32bit-4.7.6_06-43.59.1
    xen-libs-debuginfo-4.7.6_06-43.59.1
    xen-tools-4.7.6_06-43.59.1
    xen-tools-debuginfo-4.7.6_06-43.59.1
    xen-tools-domU-4.7.6_06-43.59.1
    xen-tools-domU-debuginfo-4.7.6_06-43.59.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    xen-4.7.6_06-43.59.1
    xen-debugsource-4.7.6_06-43.59.1
    xen-doc-html-4.7.6_06-43.59.1
    xen-libs-32bit-4.7.6_06-43.59.1
    xen-libs-4.7.6_06-43.59.1
    xen-libs-debuginfo-32bit-4.7.6_06-43.59.1
    xen-libs-debuginfo-4.7.6_06-43.59.1
    xen-tools-4.7.6_06-43.59.1
    xen-tools-debuginfo-4.7.6_06-43.59.1
    xen-tools-domU-4.7.6_06-43.59.1
    xen-tools-domU-debuginfo-4.7.6_06-43.59.1

References:

    https://www.suse.com/security/cve/CVE-2018-12207.html
    https://www.suse.com/security/cve/CVE-2019-11135.html
    https://www.suse.com/security/cve/CVE-2019-18420.html
    https://www.suse.com/security/cve/CVE-2019-18421.html
    https://www.suse.com/security/cve/CVE-2019-18424.html
    https://www.suse.com/security/cve/CVE-2019-18425.html
    https://www.suse.com/security/cve/CVE-2019-19577.html
    https://www.suse.com/security/cve/CVE-2019-19578.html
    https://www.suse.com/security/cve/CVE-2019-19579.html
    https://www.suse.com/security/cve/CVE-2019-19580.html
    https://www.suse.com/security/cve/CVE-2019-19581.html
    https://www.suse.com/security/cve/CVE-2019-19583.html
    https://www.suse.com/security/cve/CVE-2020-7211.html
    https://bugzilla.suse.com/1152497
    https://bugzilla.suse.com/1154448
    https://bugzilla.suse.com/1154456
    https://bugzilla.suse.com/1154458
    https://bugzilla.suse.com/1154461
    https://bugzilla.suse.com/1155945
    https://bugzilla.suse.com/1157888
    https://bugzilla.suse.com/1158003
    https://bugzilla.suse.com/1158004
    https://bugzilla.suse.com/1158005
    https://bugzilla.suse.com/1158006
    https://bugzilla.suse.com/1158007
    https://bugzilla.suse.com/1161181

From sle-updates at lists.suse.com Thu Feb 6 09:20:22 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 17:20:22 +0100 (CET)
Subject: SUSE-CU-2020:48-1: Security update of suse/sle15
Message-ID: <20200206162022.C69F3F798@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:48-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.145
Container Release : 4.22.145
Severity : important
Type : security
References : 1084671 1092920 1106383 1133495 1151377 1154256 1155207 1155574 1156213 1156482 1158485 1158921 1159814 1161436 1162108 CVE-2019-20386 CVE-2020-1712
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:335-1
Released: Thu Feb 6 11:37:24 2020
Summary: Security update for systemd
Type: security
Severity: important
References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712
Description:

This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages.
  A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)
- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
- bus_open leak sd_event_source when udevadm trigger
(bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot 
option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) From sle-updates at lists.suse.com Thu Feb 6 09:23:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 17:23:22 +0100 (CET) Subject: SUSE-CU-2020:49-1: Security update of suse/sle15 Message-ID: <20200206162322.A172FF798@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:49-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.156 Container Release : 6.2.156 Severity : important Type : security References : 1084671 1092920 1106383 1133495 1151377 1154256 1155207 1155574 1156213 1156482 1158485 1158921 1159814 1161436 1162108 CVE-2019-20386 CVE-2020-1712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:335-1 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Type: security Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. 
A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger??? (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan 
require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) From sle-updates at lists.suse.com Thu Feb 6 10:11:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:11:51 +0100 (CET) Subject: SUSE-RU-2020:0336-1: moderate: Recommended update for opus Message-ID: <20200206171151.9262AF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for opus ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0336-1 Rating: moderate References: #1162395 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS 
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for opus fixes the following issues:

- Fixes an issue with the analysis on files with digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds)
- Improved speech/music detection based on a neural network
- Low-bitrate speech improvements
- Added support for immersive audio using ambisonics
- Improved tone quality

This update also improves the security of this software.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-336=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-336=1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-336=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-336=1
   - SUSE Linux Enterprise Module for Desktop Applications 15:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-336=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-336=1
   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-336=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-336=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-336=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      libopus0-1.3.1-3.3.1
      libopus0-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      libopus0-1.3.1-3.3.1
      libopus0-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
      libopus0-32bit-1.3.1-3.3.1
      libopus0-32bit-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
      libopus-devel-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
      libopus-devel-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      libopus0-1.3.1-3.3.1
      libopus0-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      libopus0-1.3.1-3.3.1
      libopus0-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      libopus0-1.3.1-3.3.1
      libopus0-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      libopus0-1.3.1-3.3.1
      libopus0-debuginfo-1.3.1-3.3.1
      opus-debugsource-1.3.1-3.3.1

References:

   https://bugzilla.suse.com/1162395

From sle-updates at lists.suse.com Thu Feb 6 10:12:38 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 18:12:38 +0100 (CET)
Subject: SUSE-RU-2020:0339-1: Recommended update for openldap2
Message-ID: <20200206171238.3C112F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0339-1
Rating: low
References: #1158921
Affected Products:
      SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
      SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
      SUSE Linux Enterprise Module for Legacy Software 15-SP1
      SUSE Linux Enterprise Module for Legacy Software 15
      SUSE Linux Enterprise Module for Development Tools 15-SP1
      SUSE Linux Enterprise Module for Development Tools 15
      SUSE Linux Enterprise Module for Basesystem 15-SP1
      SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openldap2 provides the following fix:

- Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-339=1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-339=1
   - SUSE Linux Enterprise Module for Legacy Software 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-339=1
   - SUSE Linux Enterprise Module for Legacy Software 15:
      zypper in -t patch SUSE-SLE-Module-Legacy-15-2020-339=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-339=1
   - SUSE Linux Enterprise Module for Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-339=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-339=1
   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-339=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
      openldap2-back-sock-2.4.46-9.25.1
openldap2-back-sock-debuginfo-2.4.46-9.25.1 openldap2-back-sql-2.4.46-9.25.1 openldap2-back-sql-debuginfo-2.4.46-9.25.1 openldap2-contrib-2.4.46-9.25.1 openldap2-contrib-debuginfo-2.4.46-9.25.1 openldap2-debuginfo-2.4.46-9.25.1 openldap2-debugsource-2.4.46-9.25.1 openldap2-ppolicy-check-password-1.2-9.25.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): libldap-data-2.4.46-9.25.1 openldap2-doc-2.4.46-9.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openldap2-back-sock-2.4.46-9.25.1 openldap2-back-sock-debuginfo-2.4.46-9.25.1 openldap2-back-sql-2.4.46-9.25.1 openldap2-back-sql-debuginfo-2.4.46-9.25.1 openldap2-contrib-2.4.46-9.25.1 openldap2-contrib-debuginfo-2.4.46-9.25.1 openldap2-debuginfo-2.4.46-9.25.1 openldap2-debugsource-2.4.46-9.25.1 openldap2-ppolicy-check-password-1.2-9.25.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libldap-data-2.4.46-9.25.1 openldap2-doc-2.4.46-9.25.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.25.1 openldap2-back-meta-2.4.46-9.25.1 openldap2-back-meta-debuginfo-2.4.46-9.25.1 openldap2-back-perl-2.4.46-9.25.1 openldap2-back-perl-debuginfo-2.4.46-9.25.1 openldap2-debuginfo-2.4.46-9.25.1 openldap2-debugsource-2.4.46-9.25.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.25.1 openldap2-back-meta-2.4.46-9.25.1 openldap2-back-meta-debuginfo-2.4.46-9.25.1 openldap2-back-perl-2.4.46-9.25.1 openldap2-back-perl-debuginfo-2.4.46-9.25.1 openldap2-debuginfo-2.4.46-9.25.1 openldap2-debugsource-2.4.46-9.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): openldap2-debugsource-2.4.46-9.25.1 openldap2-devel-32bit-2.4.46-9.25.1 - SUSE Linux Enterprise Module for 
Development Tools 15 (x86_64):
      openldap2-debugsource-2.4.46-9.25.1
      openldap2-devel-32bit-2.4.46-9.25.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      libldap-2_4-2-2.4.46-9.25.1
      libldap-2_4-2-debuginfo-2.4.46-9.25.1
      openldap2-client-2.4.46-9.25.1
      openldap2-client-debuginfo-2.4.46-9.25.1
      openldap2-debuginfo-2.4.46-9.25.1
      openldap2-debugsource-2.4.46-9.25.1
      openldap2-devel-2.4.46-9.25.1
      openldap2-devel-static-2.4.46-9.25.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
      libldap-data-2.4.46-9.25.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
      libldap-2_4-2-32bit-2.4.46-9.25.1
      libldap-2_4-2-32bit-debuginfo-2.4.46-9.25.1
   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      libldap-2_4-2-2.4.46-9.25.1
      libldap-2_4-2-debuginfo-2.4.46-9.25.1
      openldap2-client-2.4.46-9.25.1
      openldap2-client-debuginfo-2.4.46-9.25.1
      openldap2-debuginfo-2.4.46-9.25.1
      openldap2-debugsource-2.4.46-9.25.1
      openldap2-devel-2.4.46-9.25.1
      openldap2-devel-static-2.4.46-9.25.1
   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):
      libldap-data-2.4.46-9.25.1
   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
      libldap-2_4-2-32bit-2.4.46-9.25.1
      libldap-2_4-2-32bit-debuginfo-2.4.46-9.25.1

References:

   https://bugzilla.suse.com/1158921

From sle-updates at lists.suse.com Thu Feb 6 10:13:24 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 18:13:24 +0100 (CET)
Subject: SUSE-SU-2020:0349-1: important: Security update for libqt5-qtbase
Message-ID: <20200206171324.9F8DAF798@maintenance.suse.de>

SUSE Security Update: Security update for libqt5-qtbase
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0349-1
Rating: important
References: #1161167
Cross-References: CVE-2020-0569
Affected Products:
      SUSE Linux Enterprise Server for SAP 15
      SUSE Linux Enterprise Server 15-LTSS
      SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
      SUSE Linux Enterprise Module for Desktop Applications 15
      SUSE Linux Enterprise Module for Basesystem 15
      SUSE Linux Enterprise High Performance Computing 15-LTSS
      SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libqt5-qtbase fixes the following issues:

- CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-349=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-349=1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-349=1
   - SUSE Linux Enterprise Module for Desktop Applications 15:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-349=1
   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-349=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-349=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-349=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      libQt5Concurrent-devel-5.9.4-8.21.2
      libQt5Concurrent5-5.9.4-8.21.2
      libQt5Concurrent5-debuginfo-5.9.4-8.21.2
      libQt5Core-devel-5.9.4-8.21.2
      libQt5Core5-5.9.4-8.21.2
      libQt5Core5-debuginfo-5.9.4-8.21.2
      libQt5DBus-devel-5.9.4-8.21.2
      libQt5DBus-devel-debuginfo-5.9.4-8.21.2
      libQt5DBus5-5.9.4-8.21.2
      libQt5DBus5-debuginfo-5.9.4-8.21.2
libQt5Gui-devel-5.9.4-8.21.2 libQt5Gui5-5.9.4-8.21.2 libQt5Gui5-debuginfo-5.9.4-8.21.2 libQt5KmsSupport-devel-static-5.9.4-8.21.2 libQt5Network-devel-5.9.4-8.21.2 libQt5Network5-5.9.4-8.21.2 libQt5Network5-debuginfo-5.9.4-8.21.2 libQt5OpenGL-devel-5.9.4-8.21.2 libQt5OpenGL5-5.9.4-8.21.2 libQt5OpenGL5-debuginfo-5.9.4-8.21.2 libQt5PlatformHeaders-devel-5.9.4-8.21.2 libQt5PlatformSupport-devel-static-5.9.4-8.21.2 libQt5PrintSupport-devel-5.9.4-8.21.2 libQt5PrintSupport5-5.9.4-8.21.2 libQt5PrintSupport5-debuginfo-5.9.4-8.21.2 libQt5Sql-devel-5.9.4-8.21.2 libQt5Sql5-5.9.4-8.21.2 libQt5Sql5-debuginfo-5.9.4-8.21.2 libQt5Sql5-sqlite-5.9.4-8.21.2 libQt5Sql5-sqlite-debuginfo-5.9.4-8.21.2 libQt5Test-devel-5.9.4-8.21.2 libQt5Test5-5.9.4-8.21.2 libQt5Test5-debuginfo-5.9.4-8.21.2 libQt5Widgets-devel-5.9.4-8.21.2 libQt5Widgets5-5.9.4-8.21.2 libQt5Widgets5-debuginfo-5.9.4-8.21.2 libQt5Xml-devel-5.9.4-8.21.2 libQt5Xml5-5.9.4-8.21.2 libQt5Xml5-debuginfo-5.9.4-8.21.2 libqt5-qtbase-common-devel-5.9.4-8.21.2 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-devel-5.9.4-8.21.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.21.2 libQt5DBus-private-headers-devel-5.9.4-8.21.2 libQt5Gui-private-headers-devel-5.9.4-8.21.2 libQt5KmsSupport-private-headers-devel-5.9.4-8.21.2 libQt5Network-private-headers-devel-5.9.4-8.21.2 libQt5OpenGL-private-headers-devel-5.9.4-8.21.2 libQt5PlatformSupport-private-headers-devel-5.9.4-8.21.2 libQt5PrintSupport-private-headers-devel-5.9.4-8.21.2 libQt5Sql-private-headers-devel-5.9.4-8.21.2 libQt5Test-private-headers-devel-5.9.4-8.21.2 libQt5Widgets-private-headers-devel-5.9.4-8.21.2 libqt5-qtbase-private-headers-devel-5.9.4-8.21.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libQt5Concurrent-devel-5.9.4-8.21.2 libQt5Concurrent5-5.9.4-8.21.2 libQt5Concurrent5-debuginfo-5.9.4-8.21.2 libQt5Core-devel-5.9.4-8.21.2 libQt5Core5-5.9.4-8.21.2 
libQt5Core5-debuginfo-5.9.4-8.21.2 libQt5DBus-devel-5.9.4-8.21.2 libQt5DBus-devel-debuginfo-5.9.4-8.21.2 libQt5DBus5-5.9.4-8.21.2 libQt5DBus5-debuginfo-5.9.4-8.21.2 libQt5Gui-devel-5.9.4-8.21.2 libQt5Gui5-5.9.4-8.21.2 libQt5Gui5-debuginfo-5.9.4-8.21.2 libQt5KmsSupport-devel-static-5.9.4-8.21.2 libQt5Network-devel-5.9.4-8.21.2 libQt5Network5-5.9.4-8.21.2 libQt5Network5-debuginfo-5.9.4-8.21.2 libQt5OpenGL-devel-5.9.4-8.21.2 libQt5OpenGL5-5.9.4-8.21.2 libQt5OpenGL5-debuginfo-5.9.4-8.21.2 libQt5PlatformHeaders-devel-5.9.4-8.21.2 libQt5PlatformSupport-devel-static-5.9.4-8.21.2 libQt5PrintSupport-devel-5.9.4-8.21.2 libQt5PrintSupport5-5.9.4-8.21.2 libQt5PrintSupport5-debuginfo-5.9.4-8.21.2 libQt5Sql-devel-5.9.4-8.21.2 libQt5Sql5-5.9.4-8.21.2 libQt5Sql5-debuginfo-5.9.4-8.21.2 libQt5Sql5-sqlite-5.9.4-8.21.2 libQt5Sql5-sqlite-debuginfo-5.9.4-8.21.2 libQt5Test-devel-5.9.4-8.21.2 libQt5Test5-5.9.4-8.21.2 libQt5Test5-debuginfo-5.9.4-8.21.2 libQt5Widgets-devel-5.9.4-8.21.2 libQt5Widgets5-5.9.4-8.21.2 libQt5Widgets5-debuginfo-5.9.4-8.21.2 libQt5Xml-devel-5.9.4-8.21.2 libQt5Xml5-5.9.4-8.21.2 libQt5Xml5-debuginfo-5.9.4-8.21.2 libqt5-qtbase-common-devel-5.9.4-8.21.2 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-devel-5.9.4-8.21.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): libQt5Core-private-headers-devel-5.9.4-8.21.2 libQt5DBus-private-headers-devel-5.9.4-8.21.2 libQt5Gui-private-headers-devel-5.9.4-8.21.2 libQt5KmsSupport-private-headers-devel-5.9.4-8.21.2 libQt5Network-private-headers-devel-5.9.4-8.21.2 libQt5OpenGL-private-headers-devel-5.9.4-8.21.2 libQt5PlatformSupport-private-headers-devel-5.9.4-8.21.2 libQt5PrintSupport-private-headers-devel-5.9.4-8.21.2 libQt5Sql-private-headers-devel-5.9.4-8.21.2 libQt5Test-private-headers-devel-5.9.4-8.21.2 libQt5Widgets-private-headers-devel-5.9.4-8.21.2 libqt5-qtbase-private-headers-devel-5.9.4-8.21.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 
(aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-examples-5.9.4-8.21.2 libqt5-qtbase-examples-debuginfo-5.9.4-8.21.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.9.4-8.21.2 libQt5Sql5-mysql-5.9.4-8.21.2 libQt5Sql5-mysql-debuginfo-5.9.4-8.21.2 libQt5Sql5-postgresql-5.9.4-8.21.2 libQt5Sql5-postgresql-debuginfo-5.9.4-8.21.2 libQt5Sql5-unixODBC-5.9.4-8.21.2 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.21.2 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.21.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.9.4-8.21.2 libQt5Concurrent5-5.9.4-8.21.2 libQt5Concurrent5-debuginfo-5.9.4-8.21.2 libQt5Core-devel-5.9.4-8.21.2 libQt5Core5-5.9.4-8.21.2 libQt5Core5-debuginfo-5.9.4-8.21.2 libQt5DBus-devel-5.9.4-8.21.2 libQt5DBus-devel-debuginfo-5.9.4-8.21.2 libQt5DBus5-5.9.4-8.21.2 libQt5DBus5-debuginfo-5.9.4-8.21.2 libQt5Gui-devel-5.9.4-8.21.2 libQt5Gui5-5.9.4-8.21.2 libQt5Gui5-debuginfo-5.9.4-8.21.2 libQt5KmsSupport-devel-static-5.9.4-8.21.2 libQt5Network-devel-5.9.4-8.21.2 libQt5Network5-5.9.4-8.21.2 libQt5Network5-debuginfo-5.9.4-8.21.2 libQt5OpenGL-devel-5.9.4-8.21.2 libQt5OpenGL5-5.9.4-8.21.2 libQt5OpenGL5-debuginfo-5.9.4-8.21.2 libQt5PlatformHeaders-devel-5.9.4-8.21.2 libQt5PlatformSupport-devel-static-5.9.4-8.21.2 libQt5PrintSupport-devel-5.9.4-8.21.2 libQt5PrintSupport5-5.9.4-8.21.2 libQt5PrintSupport5-debuginfo-5.9.4-8.21.2 libQt5Sql-devel-5.9.4-8.21.2 libQt5Sql5-5.9.4-8.21.2 libQt5Sql5-debuginfo-5.9.4-8.21.2 libQt5Sql5-sqlite-5.9.4-8.21.2 libQt5Sql5-sqlite-debuginfo-5.9.4-8.21.2 libQt5Test-devel-5.9.4-8.21.2 libQt5Test5-5.9.4-8.21.2 libQt5Test5-debuginfo-5.9.4-8.21.2 libQt5Widgets-devel-5.9.4-8.21.2 libQt5Widgets5-5.9.4-8.21.2 libQt5Widgets5-debuginfo-5.9.4-8.21.2 
libQt5Xml-devel-5.9.4-8.21.2 libQt5Xml5-5.9.4-8.21.2 libQt5Xml5-debuginfo-5.9.4-8.21.2 libqt5-qtbase-common-devel-5.9.4-8.21.2 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-devel-5.9.4-8.21.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.21.2 libQt5DBus-private-headers-devel-5.9.4-8.21.2 libQt5Gui-private-headers-devel-5.9.4-8.21.2 libQt5KmsSupport-private-headers-devel-5.9.4-8.21.2 libQt5Network-private-headers-devel-5.9.4-8.21.2 libQt5OpenGL-private-headers-devel-5.9.4-8.21.2 libQt5PlatformSupport-private-headers-devel-5.9.4-8.21.2 libQt5PrintSupport-private-headers-devel-5.9.4-8.21.2 libQt5Sql-private-headers-devel-5.9.4-8.21.2 libQt5Test-private-headers-devel-5.9.4-8.21.2 libQt5Widgets-private-headers-devel-5.9.4-8.21.2 libqt5-qtbase-private-headers-devel-5.9.4-8.21.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libQt5Concurrent-devel-5.9.4-8.21.2 libQt5Concurrent5-5.9.4-8.21.2 libQt5Concurrent5-debuginfo-5.9.4-8.21.2 libQt5Core-devel-5.9.4-8.21.2 libQt5Core5-5.9.4-8.21.2 libQt5Core5-debuginfo-5.9.4-8.21.2 libQt5DBus-devel-5.9.4-8.21.2 libQt5DBus-devel-debuginfo-5.9.4-8.21.2 libQt5DBus5-5.9.4-8.21.2 libQt5DBus5-debuginfo-5.9.4-8.21.2 libQt5Gui-devel-5.9.4-8.21.2 libQt5Gui5-5.9.4-8.21.2 libQt5Gui5-debuginfo-5.9.4-8.21.2 libQt5KmsSupport-devel-static-5.9.4-8.21.2 libQt5Network-devel-5.9.4-8.21.2 libQt5Network5-5.9.4-8.21.2 libQt5Network5-debuginfo-5.9.4-8.21.2 libQt5OpenGL-devel-5.9.4-8.21.2 libQt5OpenGL5-5.9.4-8.21.2 libQt5OpenGL5-debuginfo-5.9.4-8.21.2 libQt5PlatformHeaders-devel-5.9.4-8.21.2 libQt5PlatformSupport-devel-static-5.9.4-8.21.2 libQt5PrintSupport-devel-5.9.4-8.21.2 libQt5PrintSupport5-5.9.4-8.21.2 libQt5PrintSupport5-debuginfo-5.9.4-8.21.2 libQt5Sql-devel-5.9.4-8.21.2 libQt5Sql5-5.9.4-8.21.2 libQt5Sql5-debuginfo-5.9.4-8.21.2 libQt5Sql5-sqlite-5.9.4-8.21.2 libQt5Sql5-sqlite-debuginfo-5.9.4-8.21.2 
libQt5Test-devel-5.9.4-8.21.2 libQt5Test5-5.9.4-8.21.2 libQt5Test5-debuginfo-5.9.4-8.21.2 libQt5Widgets-devel-5.9.4-8.21.2 libQt5Widgets5-5.9.4-8.21.2 libQt5Widgets5-debuginfo-5.9.4-8.21.2 libQt5Xml-devel-5.9.4-8.21.2 libQt5Xml5-5.9.4-8.21.2 libQt5Xml5-debuginfo-5.9.4-8.21.2 libqt5-qtbase-common-devel-5.9.4-8.21.2 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-devel-5.9.4-8.21.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libQt5Core-private-headers-devel-5.9.4-8.21.2 libQt5DBus-private-headers-devel-5.9.4-8.21.2 libQt5Gui-private-headers-devel-5.9.4-8.21.2 libQt5KmsSupport-private-headers-devel-5.9.4-8.21.2 libQt5Network-private-headers-devel-5.9.4-8.21.2 libQt5OpenGL-private-headers-devel-5.9.4-8.21.2 libQt5PlatformSupport-private-headers-devel-5.9.4-8.21.2 libQt5PrintSupport-private-headers-devel-5.9.4-8.21.2 libQt5Sql-private-headers-devel-5.9.4-8.21.2 libQt5Test-private-headers-devel-5.9.4-8.21.2 libQt5Widgets-private-headers-devel-5.9.4-8.21.2 libqt5-qtbase-private-headers-devel-5.9.4-8.21.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libQt5Concurrent-devel-5.9.4-8.21.2 libQt5Concurrent5-5.9.4-8.21.2 libQt5Concurrent5-debuginfo-5.9.4-8.21.2 libQt5Core-devel-5.9.4-8.21.2 libQt5Core5-5.9.4-8.21.2 libQt5Core5-debuginfo-5.9.4-8.21.2 libQt5DBus-devel-5.9.4-8.21.2 libQt5DBus-devel-debuginfo-5.9.4-8.21.2 libQt5DBus5-5.9.4-8.21.2 libQt5DBus5-debuginfo-5.9.4-8.21.2 libQt5Gui-devel-5.9.4-8.21.2 libQt5Gui5-5.9.4-8.21.2 libQt5Gui5-debuginfo-5.9.4-8.21.2 libQt5KmsSupport-devel-static-5.9.4-8.21.2 libQt5Network-devel-5.9.4-8.21.2 libQt5Network5-5.9.4-8.21.2 libQt5Network5-debuginfo-5.9.4-8.21.2 libQt5OpenGL-devel-5.9.4-8.21.2 libQt5OpenGL5-5.9.4-8.21.2 libQt5OpenGL5-debuginfo-5.9.4-8.21.2 libQt5PlatformHeaders-devel-5.9.4-8.21.2 libQt5PlatformSupport-devel-static-5.9.4-8.21.2 libQt5PrintSupport-devel-5.9.4-8.21.2 libQt5PrintSupport5-5.9.4-8.21.2 
libQt5PrintSupport5-debuginfo-5.9.4-8.21.2 libQt5Sql-devel-5.9.4-8.21.2 libQt5Sql5-5.9.4-8.21.2 libQt5Sql5-debuginfo-5.9.4-8.21.2 libQt5Sql5-sqlite-5.9.4-8.21.2 libQt5Sql5-sqlite-debuginfo-5.9.4-8.21.2 libQt5Test-devel-5.9.4-8.21.2 libQt5Test5-5.9.4-8.21.2 libQt5Test5-debuginfo-5.9.4-8.21.2 libQt5Widgets-devel-5.9.4-8.21.2 libQt5Widgets5-5.9.4-8.21.2 libQt5Widgets5-debuginfo-5.9.4-8.21.2 libQt5Xml-devel-5.9.4-8.21.2 libQt5Xml5-5.9.4-8.21.2 libQt5Xml5-debuginfo-5.9.4-8.21.2 libqt5-qtbase-common-devel-5.9.4-8.21.2 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.21.2 libqt5-qtbase-debugsource-5.9.4-8.21.2 libqt5-qtbase-devel-5.9.4-8.21.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libQt5Core-private-headers-devel-5.9.4-8.21.2 libQt5DBus-private-headers-devel-5.9.4-8.21.2 libQt5Gui-private-headers-devel-5.9.4-8.21.2 libQt5KmsSupport-private-headers-devel-5.9.4-8.21.2 libQt5Network-private-headers-devel-5.9.4-8.21.2 libQt5OpenGL-private-headers-devel-5.9.4-8.21.2 libQt5PlatformSupport-private-headers-devel-5.9.4-8.21.2 libQt5PrintSupport-private-headers-devel-5.9.4-8.21.2 libQt5Sql-private-headers-devel-5.9.4-8.21.2 libQt5Test-private-headers-devel-5.9.4-8.21.2 libQt5Widgets-private-headers-devel-5.9.4-8.21.2 libqt5-qtbase-private-headers-devel-5.9.4-8.21.2 References: https://www.suse.com/security/cve/CVE-2020-0569.html https://bugzilla.suse.com/1161167 From sle-updates at lists.suse.com Thu Feb 6 10:14:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:14:06 +0100 (CET) Subject: SUSE-RU-2020:0340-1: moderate: Recommended update for python-rpm-macros Message-ID: <20200206171406.90D7EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0340-1 Rating: moderate References: #1161770 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-340=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python-rpm-macros-20200117.8e39013-3.8.1 References: https://bugzilla.suse.com/1161770 From sle-updates at lists.suse.com Thu Feb 6 10:14:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:14:45 +0100 (CET) Subject: SUSE-RU-2020:14282-1: moderate: Recommended update for openssl-certs Message-ID: <20200206171445.068A3F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14282-1 Rating: moderate References: #1144169 #1160160 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for openssl-certs fixes the following issues: openssl-certs was updated to the 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email - Certinomis - Root CA Added certificates: - Entrust Root Certification Authority - G4 - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-certs-14282=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-certs-14282=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): openssl-certs-2.40-0.7.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): openssl-certs-2.40-0.7.12.1 References: https://bugzilla.suse.com/1144169 https://bugzilla.suse.com/1160160 From sle-updates at lists.suse.com Thu Feb 6 10:15:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:15:32 +0100 (CET) Subject: SUSE-RU-2020:0342-1: moderate: Recommended update for powerpc-utils Message-ID: <20200206171532.B227DF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0342-1 Rating: moderate References: #1116561 #1158312 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 
two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix for error messages returned by evaluation of ${devspec} in 'ofpathname'. (bsc#1116561) - Add support for parsing the new "ibm,drc-info" device tree property and add the new information into the existing search mechanisms of the userspace 'drmgr' driver. (bsc#1158312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-342=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7-3.6.1 powerpc-utils-debuginfo-1.3.7-3.6.1 powerpc-utils-debugsource-1.3.7-3.6.1 References: https://bugzilla.suse.com/1116561 https://bugzilla.suse.com/1158312 From sle-updates at lists.suse.com Thu Feb 6 10:16:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:16:21 +0100 (CET) Subject: SUSE-SU-2020:0346-1: important: Security update for libqt5-qtbase Message-ID: <20200206171621.A0524F79E@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0346-1 Rating: important References: #1158667 #1161167 Cross-References: CVE-2020-0569 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available.
Description: This update for libqt5-qtbase fixes the following issues: Security issue fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). Other issue fixed: - Fixed comboboxes not showing in correct location (bsc#1158667). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-346=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-346=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-346=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.9.7-13.5.1 libqt5-qtbase-debugsource-5.9.7-13.5.1 libqt5-qtbase-examples-5.9.7-13.5.1 libqt5-qtbase-examples-debuginfo-5.9.7-13.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libQt5Bootstrap-devel-static-32bit-5.9.7-13.5.1 libQt5Concurrent-devel-32bit-5.9.7-13.5.1 libQt5Concurrent5-32bit-5.9.7-13.5.1 libQt5Concurrent5-32bit-debuginfo-5.9.7-13.5.1 libQt5Core-devel-32bit-5.9.7-13.5.1 libQt5Core5-32bit-5.9.7-13.5.1 libQt5Core5-32bit-debuginfo-5.9.7-13.5.1 libQt5DBus-devel-32bit-5.9.7-13.5.1 libQt5DBus-devel-32bit-debuginfo-5.9.7-13.5.1 libQt5DBus5-32bit-5.9.7-13.5.1 libQt5DBus5-32bit-debuginfo-5.9.7-13.5.1 libQt5Gui-devel-32bit-5.9.7-13.5.1 libQt5Gui5-32bit-5.9.7-13.5.1 libQt5Gui5-32bit-debuginfo-5.9.7-13.5.1 libQt5Network-devel-32bit-5.9.7-13.5.1 libQt5Network5-32bit-5.9.7-13.5.1 libQt5Network5-32bit-debuginfo-5.9.7-13.5.1 libQt5OpenGL-devel-32bit-5.9.7-13.5.1 libQt5OpenGL5-32bit-5.9.7-13.5.1 
libQt5OpenGL5-32bit-debuginfo-5.9.7-13.5.1 libQt5OpenGLExtensions-devel-static-32bit-5.9.7-13.5.1 libQt5PlatformSupport-devel-static-32bit-5.9.7-13.5.1 libQt5PrintSupport-devel-32bit-5.9.7-13.5.1 libQt5PrintSupport5-32bit-5.9.7-13.5.1 libQt5PrintSupport5-32bit-debuginfo-5.9.7-13.5.1 libQt5Sql-devel-32bit-5.9.7-13.5.1 libQt5Sql5-32bit-5.9.7-13.5.1 libQt5Sql5-32bit-debuginfo-5.9.7-13.5.1 libQt5Sql5-mysql-32bit-5.9.7-13.5.1 libQt5Sql5-mysql-32bit-debuginfo-5.9.7-13.5.1 libQt5Sql5-postgresql-32bit-5.9.7-13.5.1 libQt5Sql5-postgresql-32bit-debuginfo-5.9.7-13.5.1 libQt5Sql5-sqlite-32bit-5.9.7-13.5.1 libQt5Sql5-sqlite-32bit-debuginfo-5.9.7-13.5.1 libQt5Sql5-unixODBC-32bit-5.9.7-13.5.1 libQt5Sql5-unixODBC-32bit-debuginfo-5.9.7-13.5.1 libQt5Test-devel-32bit-5.9.7-13.5.1 libQt5Test5-32bit-5.9.7-13.5.1 libQt5Test5-32bit-debuginfo-5.9.7-13.5.1 libQt5Widgets-devel-32bit-5.9.7-13.5.1 libQt5Widgets5-32bit-5.9.7-13.5.1 libQt5Widgets5-32bit-debuginfo-5.9.7-13.5.1 libQt5Xml-devel-32bit-5.9.7-13.5.1 libQt5Xml5-32bit-5.9.7-13.5.1 libQt5Xml5-32bit-debuginfo-5.9.7-13.5.1 libqt5-qtbase-examples-32bit-5.9.7-13.5.1 libqt5-qtbase-examples-32bit-debuginfo-5.9.7-13.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.9.7-13.5.1 libQt5Sql5-mysql-5.9.7-13.5.1 libQt5Sql5-mysql-debuginfo-5.9.7-13.5.1 libQt5Sql5-postgresql-5.9.7-13.5.1 libQt5Sql5-postgresql-debuginfo-5.9.7-13.5.1 libQt5Sql5-unixODBC-5.9.7-13.5.1 libQt5Sql5-unixODBC-debuginfo-5.9.7-13.5.1 libqt5-qtbase-debugsource-5.9.7-13.5.1 libqt5-qtbase-platformtheme-gtk3-5.9.7-13.5.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.7-13.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.9.7-13.5.1 libQt5Concurrent5-5.9.7-13.5.1 libQt5Concurrent5-debuginfo-5.9.7-13.5.1 libQt5Core-devel-5.9.7-13.5.1 libQt5Core5-5.9.7-13.5.1 libQt5Core5-debuginfo-5.9.7-13.5.1 libQt5DBus-devel-5.9.7-13.5.1 
libQt5DBus-devel-debuginfo-5.9.7-13.5.1 libQt5DBus5-5.9.7-13.5.1 libQt5DBus5-debuginfo-5.9.7-13.5.1 libQt5Gui-devel-5.9.7-13.5.1 libQt5Gui5-5.9.7-13.5.1 libQt5Gui5-debuginfo-5.9.7-13.5.1 libQt5KmsSupport-devel-static-5.9.7-13.5.1 libQt5Network-devel-5.9.7-13.5.1 libQt5Network5-5.9.7-13.5.1 libQt5Network5-debuginfo-5.9.7-13.5.1 libQt5OpenGL-devel-5.9.7-13.5.1 libQt5OpenGL5-5.9.7-13.5.1 libQt5OpenGL5-debuginfo-5.9.7-13.5.1 libQt5PlatformHeaders-devel-5.9.7-13.5.1 libQt5PlatformSupport-devel-static-5.9.7-13.5.1 libQt5PrintSupport-devel-5.9.7-13.5.1 libQt5PrintSupport5-5.9.7-13.5.1 libQt5PrintSupport5-debuginfo-5.9.7-13.5.1 libQt5Sql-devel-5.9.7-13.5.1 libQt5Sql5-5.9.7-13.5.1 libQt5Sql5-debuginfo-5.9.7-13.5.1 libQt5Sql5-sqlite-5.9.7-13.5.1 libQt5Sql5-sqlite-debuginfo-5.9.7-13.5.1 libQt5Test-devel-5.9.7-13.5.1 libQt5Test5-5.9.7-13.5.1 libQt5Test5-debuginfo-5.9.7-13.5.1 libQt5Widgets-devel-5.9.7-13.5.1 libQt5Widgets5-5.9.7-13.5.1 libQt5Widgets5-debuginfo-5.9.7-13.5.1 libQt5Xml-devel-5.9.7-13.5.1 libQt5Xml5-5.9.7-13.5.1 libQt5Xml5-debuginfo-5.9.7-13.5.1 libqt5-qtbase-common-devel-5.9.7-13.5.1 libqt5-qtbase-common-devel-debuginfo-5.9.7-13.5.1 libqt5-qtbase-debugsource-5.9.7-13.5.1 libqt5-qtbase-devel-5.9.7-13.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libQt5Core-private-headers-devel-5.9.7-13.5.1 libQt5DBus-private-headers-devel-5.9.7-13.5.1 libQt5Gui-private-headers-devel-5.9.7-13.5.1 libQt5KmsSupport-private-headers-devel-5.9.7-13.5.1 libQt5Network-private-headers-devel-5.9.7-13.5.1 libQt5OpenGL-private-headers-devel-5.9.7-13.5.1 libQt5PlatformSupport-private-headers-devel-5.9.7-13.5.1 libQt5PrintSupport-private-headers-devel-5.9.7-13.5.1 libQt5Sql-private-headers-devel-5.9.7-13.5.1 libQt5Test-private-headers-devel-5.9.7-13.5.1 libQt5Widgets-private-headers-devel-5.9.7-13.5.1 libqt5-qtbase-private-headers-devel-5.9.7-13.5.1 References: https://www.suse.com/security/cve/CVE-2020-0569.html https://bugzilla.suse.com/1158667 
https://bugzilla.suse.com/1161167 From sle-updates at lists.suse.com Thu Feb 6 10:17:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:17:12 +0100 (CET) Subject: SUSE-RU-2020:0341-1: moderate: Recommended update for bluez Message-ID: <20200206171712.F2A77F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for bluez ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0341-1 Rating: moderate References: #1156544 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bluez fixes the following issues: - The 32-bit 'SIOCGSTAMP' has been deprecated. Use the deprecated name to fix the build. (bsc#1156544) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-341=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-341=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-341=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-341=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): bluez-cups-5.48-5.22.5 bluez-cups-debuginfo-5.48-5.22.5 bluez-debuginfo-5.48-5.22.5 bluez-debugsource-5.48-5.22.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.22.5 bluez-debugsource-5.48-5.22.5 bluez-test-5.48-5.22.5 bluez-test-debuginfo-5.48-5.22.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): bluez-devel-32bit-5.48-5.22.5 libbluetooth3-32bit-5.48-5.22.5 libbluetooth3-32bit-debuginfo-5.48-5.22.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): bluez-auto-enable-devices-5.48-5.22.5 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): bluez-5.48-5.22.5 bluez-debuginfo-5.48-5.22.5 bluez-debugsource-5.48-5.22.5 bluez-devel-5.48-5.22.5 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.22.5 bluez-debugsource-5.48-5.22.5 libbluetooth3-5.48-5.22.5 libbluetooth3-debuginfo-5.48-5.22.5 References: https://bugzilla.suse.com/1156544 From sle-updates at lists.suse.com Thu Feb 6 10:17:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:17:55 +0100 (CET) Subject: SUSE-SU-2020:0347-1: important: Security update for 
wicked Message-ID: <20200206171755.C60C8F79E@maintenance.suse.de> SUSE Security Update: Security update for wicked ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0347-1 Rating: important References: #1160904 #1160906 Cross-References: CVE-2019-18903 CVE-2020-7217 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wicked fixes the following issues: - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-347=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): wicked-0.6.60-3.13.1 wicked-debuginfo-0.6.60-3.13.1 wicked-debugsource-0.6.60-3.13.1 wicked-service-0.6.60-3.13.1 References: https://www.suse.com/security/cve/CVE-2019-18903.html https://www.suse.com/security/cve/CVE-2020-7217.html https://bugzilla.suse.com/1160904 https://bugzilla.suse.com/1160906 From sle-updates at lists.suse.com Thu Feb 6 10:18:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:18:47 +0100 (CET) Subject: SUSE-SU-2020:0348-1: moderate: Security update for nginx Message-ID: <20200206171847.01A85F79E@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0348-1 Rating: 
moderate References: #1160682 Cross-References: CVE-2019-20372 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads (bsc#1160682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-348=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-348=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): nginx-1.14.2-6.7.1 nginx-debuginfo-1.14.2-6.7.1 nginx-debugsource-1.14.2-6.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): nginx-source-1.14.2-6.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): vim-plugin-nginx-1.14.2-6.7.1 References: https://www.suse.com/security/cve/CVE-2019-20372.html https://bugzilla.suse.com/1160682 From sle-updates at lists.suse.com Thu Feb 6 10:19:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:19:30 +0100 (CET) Subject: SUSE-RU-2020:0337-1: moderate: Recommended update for python-rpm-macros Message-ID: <20200206171930.551EEF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rpm-macros 
______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0337-1 Rating: moderate References: #1161770 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-337=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-337=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-337=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-337=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 References: https://bugzilla.suse.com/1161770 From sle-updates at lists.suse.com Thu Feb 6 10:20:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:20:12 +0100 (CET) Subject: SUSE-RU-2020:0345-1: moderate: Recommended update for suse-module-tools Message-ID: 
<20200206172012.E8202F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0345-1 Rating: moderate References: #1132798 #1142152 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: Update to version 12.10: - Fix papr_scm dependency. (bsc#1142152, ltc#176292, FATE#327775) Update to version 12.9: - Add modprobe.conf.s390x. (bsc#1132798) Update to version 12.8: - Add dependency of 'papr_scm' on 'libnvdimm' in the initrd image. (bsc#1142152, ltc#176292, FATE#327775) - Load 'fbcon' module together with 'virtio_gpu' on s390. (bsc#1132798) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-345=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): suse-module-tools-12.10-3.5.1 References: https://bugzilla.suse.com/1132798 https://bugzilla.suse.com/1142152 From sle-updates at lists.suse.com Thu Feb 6 10:21:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:21:03 +0100 (CET) Subject: SUSE-RU-2020:0338-1: moderate: Recommended update for apr Message-ID: <20200206172103.95F9FF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for apr ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0338-1 Rating: moderate References: #1151059 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apr fixes the following issues: - Increase timeout to fix random failure of testsuite [bsc#1151059]. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-338=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): apr-debugsource-1.6.3-3.3.8 apr-devel-1.6.3-3.3.8 libapr1-1.6.3-3.3.8 libapr1-debuginfo-1.6.3-3.3.8 References: https://bugzilla.suse.com/1151059 From sle-updates at lists.suse.com Thu Feb 6 10:21:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:21:42 +0100 (CET) Subject: SUSE-RU-2020:0343-1: moderate: Recommended update for SAPHanaSR Message-ID: <20200206172142.EF86CF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0343-1 Rating: moderate References: #1155423 #1156067 #1156150 #1157453 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Restart sapstartsrv service on master nameserver node during monitor action, if needed. But NOT during probes. (bsc#1157453, bsc#1156150) - The SAPHana resource agent must not down-score a SAP HANA Database site, but keep high scoring during recovery of the master name server. (bsc#1156067) - Change HAWK2 templates to python3. (bsc#1155423) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-343=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-343=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-0.154.0-4.11.2 SAPHanaSR-doc-0.154.0-4.11.2 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-0.154.0-4.11.2 SAPHanaSR-doc-0.154.0-4.11.2 References: https://bugzilla.suse.com/1155423 https://bugzilla.suse.com/1156067 https://bugzilla.suse.com/1156150 https://bugzilla.suse.com/1157453 From sle-updates at lists.suse.com Thu Feb 6 10:22:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 18:22:48 +0100 (CET) Subject: SUSE-RU-2020:0344-1: moderate: Recommended update for python-kiwi Message-ID: <20200206172248.A72C2F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0344-1 Rating: moderate References: #1139915 #1150190 #1155815 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Update libyui-ncurses-pkg10 to libyui-ncurses-pkg11. Tumbleweed no longer has libyui-ncurses-pkg10; it has been superseded by libyui-ncurses-pkg11. (bsc#1159538) - Fix grub2 configuration for shim fallback setup: if shim fallback setup is enabled, the grub.cfg is copied to the EFI partition.
(bsc#1159235, bsc#1155815) - No swap volume is added on btrfs as the volume manager is not LVM, so swap has its own volume. (bsc#1156908) - Fixed setup of default grub config, preventing grub2-mkconfig from placing the root device information twice. (bsc#1156908) - Include 'grub.cfg' inside the efi partition the vfat. (bsc#1157354) - Fix for kiwi relative path in repository element. (bsc#1157104) - Fixed 'zipl' bootloader setup for 's390' images. (bsc#1156694) - Fix the sha256 file content generated in a 'kiwi result bundle' call so that it includes the filename with the correct extension. (bsc#1139915) - Fixed rpmdb compat link setup, removing the hardcoded path '/var/lib/rpm' and using the rpm macro definition instead. (bsc#1150190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-344=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-344=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-kiwi-debugsource-9.19.8-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.19.8-3.9.1 dracut-kiwi-live-9.19.8-3.9.1 dracut-kiwi-oem-dump-9.19.8-3.9.1 dracut-kiwi-oem-repart-9.19.8-3.9.1 dracut-kiwi-overlay-9.19.8-3.9.1 kiwi-man-pages-9.19.8-3.9.1 kiwi-tools-9.19.8-3.9.1 kiwi-tools-debuginfo-9.19.8-3.9.1 python-kiwi-debugsource-9.19.8-3.9.1 python3-kiwi-9.19.8-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): kiwi-pxeboot-9.19.8-3.9.1 References: https://bugzilla.suse.com/1139915 https://bugzilla.suse.com/1150190 https://bugzilla.suse.com/1155815
https://bugzilla.suse.com/1156694 https://bugzilla.suse.com/1156908 https://bugzilla.suse.com/1157104 https://bugzilla.suse.com/1157354 https://bugzilla.suse.com/1159235 https://bugzilla.suse.com/1159538 From sle-updates at lists.suse.com Thu Feb 6 13:13:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Feb 2020 21:13:09 +0100 (CET) Subject: SUSE-RU-2020:0354-1: important: Recommended update for samba Message-ID: <20200206201309.6EBBBF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0354-1 Rating: important References: #1160490 #1161389 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for samba fixes the following issues: - Fix for failing set account flags for machine account ADs, preferring principal over domain/username for NTLM. (bsc#1161389, bso#14007) - Fix 'pam_winbind' with 'krb5_auth' or 'wbinfo -K' for users of trusted domains/forests. (bsc#1160490, bso#14124) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-354=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-354=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2020-354=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libndr-devel-4.10.5+git.165.126b152c238-3.6.2
      libndr-krb5pac-devel-4.10.5+git.165.126b152c238-3.6.2
      libndr-nbt-devel-4.10.5+git.165.126b152c238-3.6.2
      libndr-standard-devel-4.10.5+git.165.126b152c238-3.6.2
      libsamba-util-devel-4.10.5+git.165.126b152c238-3.6.2
      libsmbclient-devel-4.10.5+git.165.126b152c238-3.6.2
      libwbclient-devel-4.10.5+git.165.126b152c238-3.6.2
      samba-core-devel-4.10.5+git.165.126b152c238-3.6.2
      samba-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-debugsource-4.10.5+git.165.126b152c238-3.6.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.10.5+git.165.126b152c238-3.6.2
      libdcerpc-binding0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libdcerpc0-4.10.5+git.165.126b152c238-3.6.2
      libdcerpc0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libndr-krb5pac0-4.10.5+git.165.126b152c238-3.6.2
      libndr-krb5pac0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libndr-nbt0-4.10.5+git.165.126b152c238-3.6.2
      libndr-nbt0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libndr-standard0-4.10.5+git.165.126b152c238-3.6.2
      libndr-standard0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libndr0-4.10.5+git.165.126b152c238-3.6.2
      libndr0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libnetapi0-4.10.5+git.165.126b152c238-3.6.2
      libnetapi0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsamba-credentials0-4.10.5+git.165.126b152c238-3.6.2
      libsamba-credentials0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsamba-errors0-4.10.5+git.165.126b152c238-3.6.2
      libsamba-errors0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsamba-hostconfig0-4.10.5+git.165.126b152c238-3.6.2
      libsamba-hostconfig0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsamba-passdb0-4.10.5+git.165.126b152c238-3.6.2
      libsamba-passdb0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsamba-util0-4.10.5+git.165.126b152c238-3.6.2
      libsamba-util0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsamdb0-4.10.5+git.165.126b152c238-3.6.2
      libsamdb0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsmbclient0-4.10.5+git.165.126b152c238-3.6.2
      libsmbclient0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsmbconf0-4.10.5+git.165.126b152c238-3.6.2
      libsmbconf0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libsmbldap2-4.10.5+git.165.126b152c238-3.6.2
      libsmbldap2-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libtevent-util0-4.10.5+git.165.126b152c238-3.6.2
      libtevent-util0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      libwbclient0-4.10.5+git.165.126b152c238-3.6.2
      libwbclient0-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-4.10.5+git.165.126b152c238-3.6.2
      samba-client-4.10.5+git.165.126b152c238-3.6.2
      samba-client-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-debugsource-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-python3-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-python3-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-winbind-4.10.5+git.165.126b152c238-3.6.2
      samba-winbind-debuginfo-4.10.5+git.165.126b152c238-3.6.2

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libdcerpc-binding0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libdcerpc-binding0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libdcerpc0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libdcerpc0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr-krb5pac0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr-krb5pac0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr-nbt0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr-nbt0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr-standard0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr-standard0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libndr0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libnetapi0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libnetapi0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-credentials0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-credentials0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-errors0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-errors0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-hostconfig0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-hostconfig0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-passdb0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-passdb0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-util0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamba-util0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamdb0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsamdb0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsmbclient0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsmbclient0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsmbconf0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsmbconf0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsmbldap2-32bit-4.10.5+git.165.126b152c238-3.6.2
      libsmbldap2-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libtevent-util0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libtevent-util0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      libwbclient0-32bit-4.10.5+git.165.126b152c238-3.6.2
      libwbclient0-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-client-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-client-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-python3-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-libs-python3-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-winbind-32bit-4.10.5+git.165.126b152c238-3.6.2
      samba-winbind-debuginfo-32bit-4.10.5+git.165.126b152c238-3.6.2

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      samba-doc-4.10.5+git.165.126b152c238-3.6.2

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ctdb-4.10.5+git.165.126b152c238-3.6.2
      ctdb-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-debuginfo-4.10.5+git.165.126b152c238-3.6.2
      samba-debugsource-4.10.5+git.165.126b152c238-3.6.2

References:

   https://bugzilla.suse.com/1160490
   https://bugzilla.suse.com/1161389

From sle-updates at lists.suse.com Thu Feb 6 13:12:08 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 21:12:08 +0100 (CET)
Subject: SUSE-SU-2020:0352-1: moderate: Security update for php7
Message-ID: <20200206201208.98CB7F798@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0352-1
Rating:             moderate
References:         #1159922 #1159923 #1159924 #1159927
Cross-References:   CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for php7 fixes the following issues:

   - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).
   - CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).
   - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-352=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-352=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-352=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      php7-debuginfo-7.0.7-50.91.1
      php7-debugsource-7.0.7-50.91.1
      php7-devel-7.0.7-50.91.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      php7-debuginfo-7.0.7-50.91.1
      php7-debugsource-7.0.7-50.91.1
      php7-devel-7.0.7-50.91.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.0.7-50.91.1
      apache2-mod_php7-debuginfo-7.0.7-50.91.1
      php7-7.0.7-50.91.1
      php7-bcmath-7.0.7-50.91.1
      php7-bcmath-debuginfo-7.0.7-50.91.1
      php7-bz2-7.0.7-50.91.1
      php7-bz2-debuginfo-7.0.7-50.91.1
      php7-calendar-7.0.7-50.91.1
      php7-calendar-debuginfo-7.0.7-50.91.1
      php7-ctype-7.0.7-50.91.1
      php7-ctype-debuginfo-7.0.7-50.91.1
      php7-curl-7.0.7-50.91.1
      php7-curl-debuginfo-7.0.7-50.91.1
      php7-dba-7.0.7-50.91.1
      php7-dba-debuginfo-7.0.7-50.91.1
      php7-debuginfo-7.0.7-50.91.1
      php7-debugsource-7.0.7-50.91.1
      php7-dom-7.0.7-50.91.1
      php7-dom-debuginfo-7.0.7-50.91.1
      php7-enchant-7.0.7-50.91.1
      php7-enchant-debuginfo-7.0.7-50.91.1
      php7-exif-7.0.7-50.91.1
      php7-exif-debuginfo-7.0.7-50.91.1
      php7-fastcgi-7.0.7-50.91.1
      php7-fastcgi-debuginfo-7.0.7-50.91.1
      php7-fileinfo-7.0.7-50.91.1
      php7-fileinfo-debuginfo-7.0.7-50.91.1
      php7-fpm-7.0.7-50.91.1
      php7-fpm-debuginfo-7.0.7-50.91.1
      php7-ftp-7.0.7-50.91.1
      php7-ftp-debuginfo-7.0.7-50.91.1
      php7-gd-7.0.7-50.91.1
      php7-gd-debuginfo-7.0.7-50.91.1
      php7-gettext-7.0.7-50.91.1
      php7-gettext-debuginfo-7.0.7-50.91.1
      php7-gmp-7.0.7-50.91.1
      php7-gmp-debuginfo-7.0.7-50.91.1
      php7-iconv-7.0.7-50.91.1
      php7-iconv-debuginfo-7.0.7-50.91.1
      php7-imap-7.0.7-50.91.1
      php7-imap-debuginfo-7.0.7-50.91.1
      php7-intl-7.0.7-50.91.1
      php7-intl-debuginfo-7.0.7-50.91.1
      php7-json-7.0.7-50.91.1
      php7-json-debuginfo-7.0.7-50.91.1
      php7-ldap-7.0.7-50.91.1
      php7-ldap-debuginfo-7.0.7-50.91.1
      php7-mbstring-7.0.7-50.91.1
      php7-mbstring-debuginfo-7.0.7-50.91.1
      php7-mcrypt-7.0.7-50.91.1
      php7-mcrypt-debuginfo-7.0.7-50.91.1
      php7-mysql-7.0.7-50.91.1
      php7-mysql-debuginfo-7.0.7-50.91.1
      php7-odbc-7.0.7-50.91.1
      php7-odbc-debuginfo-7.0.7-50.91.1
      php7-opcache-7.0.7-50.91.1
      php7-opcache-debuginfo-7.0.7-50.91.1
      php7-openssl-7.0.7-50.91.1
      php7-openssl-debuginfo-7.0.7-50.91.1
      php7-pcntl-7.0.7-50.91.1
      php7-pcntl-debuginfo-7.0.7-50.91.1
      php7-pdo-7.0.7-50.91.1
      php7-pdo-debuginfo-7.0.7-50.91.1
      php7-pgsql-7.0.7-50.91.1
      php7-pgsql-debuginfo-7.0.7-50.91.1
      php7-phar-7.0.7-50.91.1
      php7-phar-debuginfo-7.0.7-50.91.1
      php7-posix-7.0.7-50.91.1
      php7-posix-debuginfo-7.0.7-50.91.1
      php7-pspell-7.0.7-50.91.1
      php7-pspell-debuginfo-7.0.7-50.91.1
      php7-shmop-7.0.7-50.91.1
      php7-shmop-debuginfo-7.0.7-50.91.1
      php7-snmp-7.0.7-50.91.1
      php7-snmp-debuginfo-7.0.7-50.91.1
      php7-soap-7.0.7-50.91.1
      php7-soap-debuginfo-7.0.7-50.91.1
      php7-sockets-7.0.7-50.91.1
      php7-sockets-debuginfo-7.0.7-50.91.1
      php7-sqlite-7.0.7-50.91.1
      php7-sqlite-debuginfo-7.0.7-50.91.1
      php7-sysvmsg-7.0.7-50.91.1
      php7-sysvmsg-debuginfo-7.0.7-50.91.1
      php7-sysvsem-7.0.7-50.91.1
      php7-sysvsem-debuginfo-7.0.7-50.91.1
      php7-sysvshm-7.0.7-50.91.1
      php7-sysvshm-debuginfo-7.0.7-50.91.1
      php7-tokenizer-7.0.7-50.91.1
      php7-tokenizer-debuginfo-7.0.7-50.91.1
      php7-wddx-7.0.7-50.91.1
      php7-wddx-debuginfo-7.0.7-50.91.1
      php7-xmlreader-7.0.7-50.91.1
      php7-xmlreader-debuginfo-7.0.7-50.91.1
      php7-xmlrpc-7.0.7-50.91.1
      php7-xmlrpc-debuginfo-7.0.7-50.91.1
      php7-xmlwriter-7.0.7-50.91.1
      php7-xmlwriter-debuginfo-7.0.7-50.91.1
      php7-xsl-7.0.7-50.91.1
      php7-xsl-debuginfo-7.0.7-50.91.1
      php7-zip-7.0.7-50.91.1
      php7-zip-debuginfo-7.0.7-50.91.1
      php7-zlib-7.0.7-50.91.1
      php7-zlib-debuginfo-7.0.7-50.91.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php7-pear-7.0.7-50.91.1
      php7-pear-Archive_Tar-7.0.7-50.91.1

References:

   https://www.suse.com/security/cve/CVE-2019-11045.html
   https://www.suse.com/security/cve/CVE-2019-11046.html
   https://www.suse.com/security/cve/CVE-2019-11047.html
   https://www.suse.com/security/cve/CVE-2019-11050.html
   https://bugzilla.suse.com/1159922
   https://bugzilla.suse.com/1159923
   https://bugzilla.suse.com/1159924
   https://bugzilla.suse.com/1159927

From sle-updates at lists.suse.com Thu Feb 6 13:13:56 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 21:13:56 +0100 (CET)
Subject: SUSE-SU-2020:0353-1: important: Security update for systemd
Message-ID: <20200206201356.9A9AAF798@maintenance.suse.de>

   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0353-1
Rating:             important
References:         #1106383 #1127557 #1133495 #1139459 #1140631 #1150595 #1151377 #1151506 #1154043 #1154948 #1155574 #1156482 #1159814 #1162108
Cross-References:   CVE-2020-1712
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves one vulnerability and has 13 fixes is now available.

Description:

   This update for systemd provides the following fixes:

   - CVE-2020-1712 (bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
   - sd-bus: Deal with cookie overruns. (bsc#1150595)
   - rules: Add by-id symlinks for persistent memory. (bsc#1140631)
   - Drop the old fds used for logging and reopen them in the sub process before doing any new logging. (bsc#1154948)
   - Fix warnings thrown during package installation (bsc#1154043)
   - Fix for systemctl hanging by restart. (bsc#1139459)
   - man: mention that alias names are only effective after 'systemctl enable'. (bsc#1151377)
   - ask-password: improve log message when inotify limit is reached. (bsc#1155574)
   - udevd: wait for workers to finish when exiting. (bsc#1106383)
   - core: fragments of masked units ought not be considered for NeedDaemonReload. (bsc#1156482)
   - udev: fix 'NULL' deref when executing rules. (bsc#1151506)
   - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-353=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-353=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-157.9.1
      systemd-debuginfo-228-157.9.1
      systemd-debugsource-228-157.9.1
      systemd-devel-228-157.9.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-157.9.1
      libsystemd0-debuginfo-228-157.9.1
      libudev1-228-157.9.1
      libudev1-debuginfo-228-157.9.1
      systemd-228-157.9.1
      systemd-debuginfo-228-157.9.1
      systemd-debugsource-228-157.9.1
      systemd-sysvinit-228-157.9.1
      udev-228-157.9.1
      udev-debuginfo-228-157.9.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libsystemd0-32bit-228-157.9.1
      libsystemd0-debuginfo-32bit-228-157.9.1
      libudev1-32bit-228-157.9.1
      libudev1-debuginfo-32bit-228-157.9.1
      systemd-32bit-228-157.9.1
      systemd-debuginfo-32bit-228-157.9.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      systemd-bash-completion-228-157.9.1

References:

   https://www.suse.com/security/cve/CVE-2020-1712.html
   https://bugzilla.suse.com/1106383
   https://bugzilla.suse.com/1127557
   https://bugzilla.suse.com/1133495
   https://bugzilla.suse.com/1139459
   https://bugzilla.suse.com/1140631
   https://bugzilla.suse.com/1150595
   https://bugzilla.suse.com/1151377
   https://bugzilla.suse.com/1151506
   https://bugzilla.suse.com/1154043
   https://bugzilla.suse.com/1154948
   https://bugzilla.suse.com/1155574
   https://bugzilla.suse.com/1156482
   https://bugzilla.suse.com/1159814
   https://bugzilla.suse.com/1162108

From sle-updates at lists.suse.com Thu Feb 6 13:18:08 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Feb 2020 21:18:08 +0100 (CET)
Subject: SUSE-SU-2020:0351-1: important: Security update for wicked
Message-ID: <20200206201808.CF99EF79E@maintenance.suse.de>

   SUSE Security Update: Security update for wicked
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0351-1
Rating:             important
References:         #1142214 #1160903 #1160904 #1160905 #1160906
Cross-References:   CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for wicked fixes the following issues:

   Security issues fixed:

   - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903).
   - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904).
   - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905).
   - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906).

   Non-security issue fixed:

   - dhcp4: Fixed an intermittent hang during network setup by cleaning up the defer timer pointer (bsc#1142214).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-351=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      wicked-0.6.60-3.5.1
      wicked-debuginfo-0.6.60-3.5.1
      wicked-debugsource-0.6.60-3.5.1
      wicked-service-0.6.60-3.5.1

References:

   https://www.suse.com/security/cve/CVE-2019-18902.html
   https://www.suse.com/security/cve/CVE-2019-18903.html
   https://www.suse.com/security/cve/CVE-2020-7216.html
   https://www.suse.com/security/cve/CVE-2020-7217.html
   https://bugzilla.suse.com/1142214
   https://bugzilla.suse.com/1160903
   https://bugzilla.suse.com/1160904
   https://bugzilla.suse.com/1160905
   https://bugzilla.suse.com/1160906

From sle-updates at lists.suse.com Fri Feb 7 00:00:42 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 08:00:42 +0100 (CET)
Subject: SUSE-CU-2020:50-1: Security update of suse/sles12sp5
Message-ID: <20200207070042.D0A2DF79E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:50-1
Container Tags        : suse/sles12sp5:5.2.284 , suse/sles12sp5:latest
Container Release     : 5.2.284
Severity              : important
Type                  : security
References            : 1106383 1127557 1133495 1139459 1140631 1150595 1151377 1151506 1154043 1154948 1155574 1156482 1159814 1162108 CVE-2020-1712
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:353-1
Released:    Thu Feb 6 17:34:41 2020
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1106383,1127557,1133495,1139459,1140631,1150595,1151377,1151506,1154043,1154948,1155574,1156482,1159814,1162108,CVE-2020-1712
Description:

This update for systemd provides the following fixes:

- CVE-2020-1712 (bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- sd-bus: Deal with cookie overruns. (bsc#1150595)
- rules: Add by-id symlinks for persistent memory. (bsc#1140631)
- Drop the old fds used for logging and reopen them in the sub process before doing any new logging. (bsc#1154948)
- Fix warnings thrown during package installation (bsc#1154043)
- Fix for systemctl hanging by restart. (bsc#1139459)
- man: mention that alias names are only effective after 'systemctl enable'. (bsc#1151377)
- ask-password: improve log message when inotify limit is reached. (bsc#1155574)
- udevd: wait for workers to finish when exiting. (bsc#1106383)
- core: fragments of masked units ought not be considered for NeedDaemonReload. (bsc#1156482)
- udev: fix 'NULL' deref when executing rules. (bsc#1151506)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

From sle-updates at lists.suse.com Fri Feb 7 07:11:27 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 15:11:27 +0100 (CET)
Subject: SUSE-SU-2020:0355-1: important: Security update for pcp
Message-ID: <20200207141127.9FF80F798@maintenance.suse.de>

   SUSE Security Update: Security update for pcp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0355-1
Rating:             important
References:         #1129991 #1152763 #1153921
Cross-References:   CVE-2019-3695 CVE-2019-3696
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Development Tools 15-SP1
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update for pcp fixes the following issues:

   Security issue fixed:

   - CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763).

   Non-security issue fixed:

   - Fixed a dependency issue with pcp2csv (bsc#1129991).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-355=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-355=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

      pcp-debuginfo-4.3.1-3.5.3
      pcp-debugsource-4.3.1-3.5.3
      pcp-export-pcp2elasticsearch-4.3.1-3.5.3
      pcp-export-pcp2graphite-4.3.1-3.5.3
      pcp-export-pcp2influxdb-4.3.1-3.5.3
      pcp-export-pcp2json-4.3.1-3.5.3
      pcp-export-pcp2spark-4.3.1-3.5.3
      pcp-export-pcp2xml-4.3.1-3.5.3
      pcp-export-pcp2zabbix-4.3.1-3.5.3
      pcp-export-zabbix-agent-4.3.1-3.5.3
      pcp-export-zabbix-agent-debuginfo-4.3.1-3.5.3
      pcp-gui-4.3.1-3.5.3
      pcp-gui-debuginfo-4.3.1-3.5.3
      pcp-import-collectl2pcp-4.3.1-3.5.3
      pcp-import-collectl2pcp-debuginfo-4.3.1-3.5.3
      pcp-import-ganglia2pcp-4.3.1-3.5.3
      pcp-manager-4.3.1-3.5.3
      pcp-manager-debuginfo-4.3.1-3.5.3
      pcp-pmda-activemq-4.3.1-3.5.3
      pcp-pmda-apache-4.3.1-3.5.3
      pcp-pmda-apache-debuginfo-4.3.1-3.5.3
      pcp-pmda-bash-4.3.1-3.5.3
      pcp-pmda-bash-debuginfo-4.3.1-3.5.3
      pcp-pmda-bind2-4.3.1-3.5.3
      pcp-pmda-bonding-4.3.1-3.5.3
      pcp-pmda-cifs-4.3.1-3.5.3
      pcp-pmda-cifs-debuginfo-4.3.1-3.5.3
      pcp-pmda-cisco-4.3.1-3.5.3
      pcp-pmda-cisco-debuginfo-4.3.1-3.5.3
      pcp-pmda-dbping-4.3.1-3.5.3
      pcp-pmda-dm-4.3.1-3.5.3
      pcp-pmda-dm-debuginfo-4.3.1-3.5.3
      pcp-pmda-docker-4.3.1-3.5.3
      pcp-pmda-docker-debuginfo-4.3.1-3.5.3
      pcp-pmda-ds389-4.3.1-3.5.3
      pcp-pmda-ds389log-4.3.1-3.5.3
      pcp-pmda-elasticsearch-4.3.1-3.5.3
      pcp-pmda-gfs2-4.3.1-3.5.3
      pcp-pmda-gfs2-debuginfo-4.3.1-3.5.3
      pcp-pmda-gluster-4.3.1-3.5.3
      pcp-pmda-gpfs-4.3.1-3.5.3
      pcp-pmda-gpsd-4.3.1-3.5.3
      pcp-pmda-haproxy-4.3.1-3.5.3
      pcp-pmda-json-4.3.1-3.5.3
      pcp-pmda-lmsensors-4.3.1-3.5.3
      pcp-pmda-logger-4.3.1-3.5.3
      pcp-pmda-logger-debuginfo-4.3.1-3.5.3
      pcp-pmda-lustre-4.3.1-3.5.3
      pcp-pmda-lustrecomm-4.3.1-3.5.3
      pcp-pmda-lustrecomm-debuginfo-4.3.1-3.5.3
      pcp-pmda-mailq-4.3.1-3.5.3
      pcp-pmda-mailq-debuginfo-4.3.1-3.5.3
      pcp-pmda-memcache-4.3.1-3.5.3
      pcp-pmda-mic-4.3.1-3.5.3
      pcp-pmda-mounts-4.3.1-3.5.3
      pcp-pmda-mounts-debuginfo-4.3.1-3.5.3
      pcp-pmda-mysql-4.3.1-3.5.3
      pcp-pmda-named-4.3.1-3.5.3
      pcp-pmda-netfilter-4.3.1-3.5.3
      pcp-pmda-news-4.3.1-3.5.3
      pcp-pmda-nfsclient-4.3.1-3.5.3
      pcp-pmda-nginx-4.3.1-3.5.3
      pcp-pmda-nutcracker-4.3.1-3.5.3
      pcp-pmda-nvidia-gpu-4.3.1-3.5.3
      pcp-pmda-nvidia-gpu-debuginfo-4.3.1-3.5.3
      pcp-pmda-oracle-4.3.1-3.5.3
      pcp-pmda-pdns-4.3.1-3.5.3
      pcp-pmda-postfix-4.3.1-3.5.3
      pcp-pmda-prometheus-4.3.1-3.5.3
      pcp-pmda-redis-4.3.1-3.5.3
      pcp-pmda-roomtemp-4.3.1-3.5.3
      pcp-pmda-roomtemp-debuginfo-4.3.1-3.5.3
      pcp-pmda-rpm-4.3.1-3.5.3
      pcp-pmda-rpm-debuginfo-4.3.1-3.5.3
      pcp-pmda-rsyslog-4.3.1-3.5.3
      pcp-pmda-samba-4.3.1-3.5.3
      pcp-pmda-sendmail-4.3.1-3.5.3
      pcp-pmda-sendmail-debuginfo-4.3.1-3.5.3
      pcp-pmda-shping-4.3.1-3.5.3
      pcp-pmda-shping-debuginfo-4.3.1-3.5.3
      pcp-pmda-slurm-4.3.1-3.5.3
      pcp-pmda-smart-4.3.1-3.5.3
      pcp-pmda-smart-debuginfo-4.3.1-3.5.3
      pcp-pmda-snmp-4.3.1-3.5.3
      pcp-pmda-summary-4.3.1-3.5.3
      pcp-pmda-summary-debuginfo-4.3.1-3.5.3
      pcp-pmda-systemd-4.3.1-3.5.3
      pcp-pmda-systemd-debuginfo-4.3.1-3.5.3
      pcp-pmda-trace-4.3.1-3.5.3
      pcp-pmda-trace-debuginfo-4.3.1-3.5.3
      pcp-pmda-unbound-4.3.1-3.5.3
      pcp-pmda-vmware-4.3.1-3.5.3
      pcp-pmda-weblog-4.3.1-3.5.3
      pcp-pmda-weblog-debuginfo-4.3.1-3.5.3
      pcp-pmda-zimbra-4.3.1-3.5.3
      pcp-pmda-zswap-4.3.1-3.5.3
      pcp-testsuite-4.3.1-3.5.3
      pcp-testsuite-debuginfo-4.3.1-3.5.3
      pcp-webapi-4.3.1-3.5.3
      pcp-webapi-debuginfo-4.3.1-3.5.3
      pcp-zeroconf-4.3.1-3.5.3

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64):

      pcp-pmda-infiniband-4.3.1-3.5.3
      pcp-pmda-infiniband-debuginfo-4.3.1-3.5.3
      pcp-pmda-papi-4.3.1-3.5.3
      pcp-pmda-papi-debuginfo-4.3.1-3.5.3

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 x86_64):
      pcp-pmda-perfevent-4.3.1-3.5.3
      pcp-pmda-perfevent-debuginfo-4.3.1-3.5.3

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):

      libpcp_import1-4.3.1-3.5.3
      libpcp_import1-debuginfo-4.3.1-3.5.3
      libpcp_mmv1-4.3.1-3.5.3
      libpcp_mmv1-debuginfo-4.3.1-3.5.3

   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

      libpcp-devel-4.3.1-3.5.3
      libpcp3-4.3.1-3.5.3
      libpcp3-debuginfo-4.3.1-3.5.3
      libpcp_gui2-4.3.1-3.5.3
      libpcp_gui2-debuginfo-4.3.1-3.5.3
      libpcp_import1-4.3.1-3.5.3
      libpcp_import1-debuginfo-4.3.1-3.5.3
      libpcp_mmv1-4.3.1-3.5.3
      libpcp_mmv1-debuginfo-4.3.1-3.5.3
      libpcp_trace2-4.3.1-3.5.3
      libpcp_trace2-debuginfo-4.3.1-3.5.3
      libpcp_web1-4.3.1-3.5.3
      libpcp_web1-debuginfo-4.3.1-3.5.3
      pcp-4.3.1-3.5.3
      pcp-conf-4.3.1-3.5.3
      pcp-debuginfo-4.3.1-3.5.3
      pcp-debugsource-4.3.1-3.5.3
      pcp-devel-4.3.1-3.5.3
      pcp-devel-debuginfo-4.3.1-3.5.3
      pcp-import-iostat2pcp-4.3.1-3.5.3
      pcp-import-mrtg2pcp-4.3.1-3.5.3
      pcp-import-sar2pcp-4.3.1-3.5.3
      pcp-system-tools-4.3.1-3.5.3
      pcp-system-tools-debuginfo-4.3.1-3.5.3
      perl-PCP-LogImport-4.3.1-3.5.3
      perl-PCP-LogImport-debuginfo-4.3.1-3.5.3
      perl-PCP-LogSummary-4.3.1-3.5.3
      perl-PCP-MMV-4.3.1-3.5.3
      perl-PCP-MMV-debuginfo-4.3.1-3.5.3
      perl-PCP-PMDA-4.3.1-3.5.3
      perl-PCP-PMDA-debuginfo-4.3.1-3.5.3
      python3-pcp-4.3.1-3.5.3
      python3-pcp-debuginfo-4.3.1-3.5.3

   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (ppc64le):

      pcp-pmda-perfevent-4.3.1-3.5.3
      pcp-pmda-perfevent-debuginfo-4.3.1-3.5.3

   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):

      pcp-doc-4.3.1-3.5.3

References:

   https://www.suse.com/security/cve/CVE-2019-3695.html
   https://www.suse.com/security/cve/CVE-2019-3696.html
   https://bugzilla.suse.com/1129991
   https://bugzilla.suse.com/1152763
   https://bugzilla.suse.com/1153921

From sle-updates at lists.suse.com Fri Feb 7 07:13:17 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 15:13:17 +0100 (CET)
Subject: SUSE-SU-2020:0356-1: important: Security update for pcp
Message-ID: <20200207141317.52224F798@maintenance.suse.de>

   SUSE Security Update: Security update for pcp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0356-1
Rating:             important
References:         #1129991 #1152763 #1153921
Cross-References:   CVE-2019-3695 CVE-2019-3696
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update for pcp fixes the following issues:

   Security issue fixed:

   - CVE-2019-3696: Fixed a local privilege escalation in migrate_tempdirs() (bsc#1153921).
   - CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763).

   Non-security issue fixed:

   - Fixed a dependency issue with pcp2csv (bsc#1129991).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-356=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-356=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpcp-devel-3.11.9-6.14.1
      libpcp3-3.11.9-6.14.1
      libpcp3-debuginfo-3.11.9-6.14.1
      libpcp_gui2-3.11.9-6.14.1
      libpcp_gui2-debuginfo-3.11.9-6.14.1
      libpcp_import1-3.11.9-6.14.1
      libpcp_import1-debuginfo-3.11.9-6.14.1
      libpcp_mmv1-3.11.9-6.14.1
      libpcp_mmv1-debuginfo-3.11.9-6.14.1
      libpcp_trace2-3.11.9-6.14.1
      libpcp_trace2-debuginfo-3.11.9-6.14.1
      libpcp_web1-3.11.9-6.14.1
      libpcp_web1-debuginfo-3.11.9-6.14.1
      pcp-3.11.9-6.14.1
      pcp-conf-3.11.9-6.14.1
      pcp-debuginfo-3.11.9-6.14.1
      pcp-debugsource-3.11.9-6.14.1
      pcp-devel-3.11.9-6.14.1
      pcp-devel-debuginfo-3.11.9-6.14.1
      pcp-export-pcp2graphite-3.11.9-6.14.1
      pcp-export-pcp2influxdb-3.11.9-6.14.1
      pcp-export-zabbix-agent-3.11.9-6.14.1
      pcp-export-zabbix-agent-debuginfo-3.11.9-6.14.1
      pcp-gui-3.11.9-6.14.1
      pcp-gui-debuginfo-3.11.9-6.14.1
      pcp-import-collectl2pcp-3.11.9-6.14.1
      pcp-import-collectl2pcp-debuginfo-3.11.9-6.14.1
      pcp-import-ganglia2pcp-3.11.9-6.14.1
      pcp-import-iostat2pcp-3.11.9-6.14.1
      pcp-import-mrtg2pcp-3.11.9-6.14.1
      pcp-import-sar2pcp-3.11.9-6.14.1
      pcp-manager-3.11.9-6.14.1
      pcp-manager-debuginfo-3.11.9-6.14.1
      pcp-pmda-activemq-3.11.9-6.14.1
      pcp-pmda-apache-3.11.9-6.14.1
      pcp-pmda-apache-debuginfo-3.11.9-6.14.1
      pcp-pmda-bash-3.11.9-6.14.1
      pcp-pmda-bash-debuginfo-3.11.9-6.14.1
      pcp-pmda-bind2-3.11.9-6.14.1
      pcp-pmda-bonding-3.11.9-6.14.1
      pcp-pmda-cifs-3.11.9-6.14.1
      pcp-pmda-cifs-debuginfo-3.11.9-6.14.1
      pcp-pmda-cisco-3.11.9-6.14.1
      pcp-pmda-cisco-debuginfo-3.11.9-6.14.1
      pcp-pmda-dbping-3.11.9-6.14.1
      pcp-pmda-dm-3.11.9-6.14.1
      pcp-pmda-dm-debuginfo-3.11.9-6.14.1
      pcp-pmda-docker-3.11.9-6.14.1
      pcp-pmda-docker-debuginfo-3.11.9-6.14.1
      pcp-pmda-ds389-3.11.9-6.14.1
      pcp-pmda-ds389log-3.11.9-6.14.1
      pcp-pmda-elasticsearch-3.11.9-6.14.1
      pcp-pmda-gfs2-3.11.9-6.14.1
      pcp-pmda-gfs2-debuginfo-3.11.9-6.14.1
      pcp-pmda-gluster-3.11.9-6.14.1
      pcp-pmda-gpfs-3.11.9-6.14.1
      pcp-pmda-gpsd-3.11.9-6.14.1
      pcp-pmda-kvm-3.11.9-6.14.1
      pcp-pmda-libvirt-3.11.9-6.14.1
      pcp-pmda-lio-3.11.9-6.14.1
      pcp-pmda-lmsensors-3.11.9-6.14.1
      pcp-pmda-lmsensors-debuginfo-3.11.9-6.14.1
      pcp-pmda-logger-3.11.9-6.14.1
      pcp-pmda-logger-debuginfo-3.11.9-6.14.1
      pcp-pmda-lustre-3.11.9-6.14.1
      pcp-pmda-lustrecomm-3.11.9-6.14.1
      pcp-pmda-lustrecomm-debuginfo-3.11.9-6.14.1
      pcp-pmda-mailq-3.11.9-6.14.1
      pcp-pmda-mailq-debuginfo-3.11.9-6.14.1
      pcp-pmda-memcache-3.11.9-6.14.1
      pcp-pmda-mic-3.11.9-6.14.1
      pcp-pmda-mounts-3.11.9-6.14.1
      pcp-pmda-mounts-debuginfo-3.11.9-6.14.1
      pcp-pmda-mysql-3.11.9-6.14.1
      pcp-pmda-named-3.11.9-6.14.1
      pcp-pmda-netfilter-3.11.9-6.14.1
      pcp-pmda-news-3.11.9-6.14.1
      pcp-pmda-nfsclient-3.11.9-6.14.1
      pcp-pmda-nginx-3.11.9-6.14.1
      pcp-pmda-nutcracker-3.11.9-6.14.1
      pcp-pmda-nvidia-gpu-3.11.9-6.14.1
      pcp-pmda-nvidia-gpu-debuginfo-3.11.9-6.14.1
      pcp-pmda-oracle-3.11.9-6.14.1
      pcp-pmda-pdns-3.11.9-6.14.1
      pcp-pmda-postfix-3.11.9-6.14.1
      pcp-pmda-redis-3.11.9-6.14.1
      pcp-pmda-roomtemp-3.11.9-6.14.1
      pcp-pmda-roomtemp-debuginfo-3.11.9-6.14.1
      pcp-pmda-rpm-3.11.9-6.14.1
      pcp-pmda-rpm-debuginfo-3.11.9-6.14.1
      pcp-pmda-rsyslog-3.11.9-6.14.1
      pcp-pmda-samba-3.11.9-6.14.1
      pcp-pmda-sendmail-3.11.9-6.14.1
      pcp-pmda-sendmail-debuginfo-3.11.9-6.14.1
      pcp-pmda-shping-3.11.9-6.14.1
      pcp-pmda-shping-debuginfo-3.11.9-6.14.1
      pcp-pmda-slurm-3.11.9-6.14.1
      pcp-pmda-snmp-3.11.9-6.14.1
      pcp-pmda-summary-3.11.9-6.14.1
      pcp-pmda-summary-debuginfo-3.11.9-6.14.1
      pcp-pmda-systemd-3.11.9-6.14.1
      pcp-pmda-systemd-debuginfo-3.11.9-6.14.1
      pcp-pmda-trace-3.11.9-6.14.1
      pcp-pmda-trace-debuginfo-3.11.9-6.14.1
      pcp-pmda-unbound-3.11.9-6.14.1
      pcp-pmda-vmware-3.11.9-6.14.1
      pcp-pmda-weblog-3.11.9-6.14.1
      pcp-pmda-weblog-debuginfo-3.11.9-6.14.1
      pcp-pmda-zimbra-3.11.9-6.14.1
      pcp-pmda-zswap-3.11.9-6.14.1
      pcp-system-tools-3.11.9-6.14.1
      pcp-webapi-3.11.9-6.14.1
      pcp-webapi-debuginfo-3.11.9-6.14.1
      perl-PCP-LogImport-3.11.9-6.14.1
      perl-PCP-LogImport-debuginfo-3.11.9-6.14.1
      perl-PCP-LogSummary-3.11.9-6.14.1
      perl-PCP-MMV-3.11.9-6.14.1
      perl-PCP-MMV-debuginfo-3.11.9-6.14.1
      perl-PCP-PMDA-3.11.9-6.14.1
      perl-PCP-PMDA-debuginfo-3.11.9-6.14.1
      python-pcp-3.11.9-6.14.1
      python-pcp-debuginfo-3.11.9-6.14.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64):

      pcp-pmda-infiniband-3.11.9-6.14.1
      pcp-pmda-infiniband-debuginfo-3.11.9-6.14.1
      pcp-pmda-perfevent-3.11.9-6.14.1
      pcp-pmda-perfevent-debuginfo-3.11.9-6.14.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      pcp-doc-3.11.9-6.14.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      libpcp-devel-3.11.9-6.14.1
      libpcp3-3.11.9-6.14.1
      libpcp3-debuginfo-3.11.9-6.14.1
      libpcp_gui2-3.11.9-6.14.1
      libpcp_gui2-debuginfo-3.11.9-6.14.1
      libpcp_import1-3.11.9-6.14.1
      libpcp_import1-debuginfo-3.11.9-6.14.1
      libpcp_mmv1-3.11.9-6.14.1
      libpcp_mmv1-debuginfo-3.11.9-6.14.1
      libpcp_trace2-3.11.9-6.14.1
      libpcp_trace2-debuginfo-3.11.9-6.14.1
      libpcp_web1-3.11.9-6.14.1
      libpcp_web1-debuginfo-3.11.9-6.14.1
      pcp-3.11.9-6.14.1
      pcp-conf-3.11.9-6.14.1
      pcp-debuginfo-3.11.9-6.14.1
      pcp-debugsource-3.11.9-6.14.1
      pcp-devel-3.11.9-6.14.1
      pcp-devel-debuginfo-3.11.9-6.14.1
      pcp-export-pcp2graphite-3.11.9-6.14.1
      pcp-export-pcp2influxdb-3.11.9-6.14.1
      pcp-export-zabbix-agent-3.11.9-6.14.1
      pcp-export-zabbix-agent-debuginfo-3.11.9-6.14.1
      pcp-gui-3.11.9-6.14.1
      pcp-gui-debuginfo-3.11.9-6.14.1
      pcp-import-collectl2pcp-3.11.9-6.14.1
      pcp-import-collectl2pcp-debuginfo-3.11.9-6.14.1
      pcp-import-ganglia2pcp-3.11.9-6.14.1
      pcp-import-iostat2pcp-3.11.9-6.14.1
      pcp-import-mrtg2pcp-3.11.9-6.14.1
      pcp-import-sar2pcp-3.11.9-6.14.1
      pcp-manager-3.11.9-6.14.1
      pcp-manager-debuginfo-3.11.9-6.14.1
      pcp-pmda-activemq-3.11.9-6.14.1
      pcp-pmda-apache-3.11.9-6.14.1
      pcp-pmda-apache-debuginfo-3.11.9-6.14.1
      pcp-pmda-bash-3.11.9-6.14.1
      pcp-pmda-bash-debuginfo-3.11.9-6.14.1
      pcp-pmda-bind2-3.11.9-6.14.1
      pcp-pmda-bonding-3.11.9-6.14.1
      pcp-pmda-cifs-3.11.9-6.14.1
      pcp-pmda-cifs-debuginfo-3.11.9-6.14.1
      pcp-pmda-cisco-3.11.9-6.14.1
      pcp-pmda-cisco-debuginfo-3.11.9-6.14.1
      pcp-pmda-dbping-3.11.9-6.14.1
      pcp-pmda-dm-3.11.9-6.14.1
      pcp-pmda-dm-debuginfo-3.11.9-6.14.1
      pcp-pmda-docker-3.11.9-6.14.1
      pcp-pmda-docker-debuginfo-3.11.9-6.14.1
      pcp-pmda-ds389-3.11.9-6.14.1
      pcp-pmda-ds389log-3.11.9-6.14.1
      pcp-pmda-elasticsearch-3.11.9-6.14.1
      pcp-pmda-gfs2-3.11.9-6.14.1
      pcp-pmda-gfs2-debuginfo-3.11.9-6.14.1
      pcp-pmda-gluster-3.11.9-6.14.1
      pcp-pmda-gpfs-3.11.9-6.14.1
      pcp-pmda-gpsd-3.11.9-6.14.1
      pcp-pmda-kvm-3.11.9-6.14.1
      pcp-pmda-libvirt-3.11.9-6.14.1
      pcp-pmda-lio-3.11.9-6.14.1
      pcp-pmda-lmsensors-3.11.9-6.14.1
      pcp-pmda-lmsensors-debuginfo-3.11.9-6.14.1
      pcp-pmda-logger-3.11.9-6.14.1
      pcp-pmda-logger-debuginfo-3.11.9-6.14.1
      pcp-pmda-lustre-3.11.9-6.14.1
      pcp-pmda-lustrecomm-3.11.9-6.14.1
      pcp-pmda-lustrecomm-debuginfo-3.11.9-6.14.1
      pcp-pmda-mailq-3.11.9-6.14.1
      pcp-pmda-mailq-debuginfo-3.11.9-6.14.1
      pcp-pmda-memcache-3.11.9-6.14.1
      pcp-pmda-mic-3.11.9-6.14.1
      pcp-pmda-mounts-3.11.9-6.14.1
      pcp-pmda-mounts-debuginfo-3.11.9-6.14.1
      pcp-pmda-mysql-3.11.9-6.14.1
      pcp-pmda-named-3.11.9-6.14.1
      pcp-pmda-netfilter-3.11.9-6.14.1
      pcp-pmda-news-3.11.9-6.14.1
      pcp-pmda-nfsclient-3.11.9-6.14.1
      pcp-pmda-nginx-3.11.9-6.14.1
      pcp-pmda-nutcracker-3.11.9-6.14.1
      pcp-pmda-nvidia-gpu-3.11.9-6.14.1
      pcp-pmda-nvidia-gpu-debuginfo-3.11.9-6.14.1
      pcp-pmda-oracle-3.11.9-6.14.1
      pcp-pmda-pdns-3.11.9-6.14.1
      pcp-pmda-postfix-3.11.9-6.14.1
      pcp-pmda-redis-3.11.9-6.14.1
      pcp-pmda-roomtemp-3.11.9-6.14.1
      pcp-pmda-roomtemp-debuginfo-3.11.9-6.14.1
      pcp-pmda-rpm-3.11.9-6.14.1
      pcp-pmda-rpm-debuginfo-3.11.9-6.14.1
      pcp-pmda-rsyslog-3.11.9-6.14.1
      pcp-pmda-samba-3.11.9-6.14.1
      pcp-pmda-sendmail-3.11.9-6.14.1
      pcp-pmda-sendmail-debuginfo-3.11.9-6.14.1
      pcp-pmda-shping-3.11.9-6.14.1
      pcp-pmda-shping-debuginfo-3.11.9-6.14.1
      pcp-pmda-slurm-3.11.9-6.14.1
      pcp-pmda-snmp-3.11.9-6.14.1
      pcp-pmda-summary-3.11.9-6.14.1
      pcp-pmda-summary-debuginfo-3.11.9-6.14.1
      pcp-pmda-systemd-3.11.9-6.14.1
      pcp-pmda-systemd-debuginfo-3.11.9-6.14.1
      pcp-pmda-trace-3.11.9-6.14.1
      pcp-pmda-trace-debuginfo-3.11.9-6.14.1
      pcp-pmda-unbound-3.11.9-6.14.1
      pcp-pmda-vmware-3.11.9-6.14.1
      pcp-pmda-weblog-3.11.9-6.14.1
      pcp-pmda-weblog-debuginfo-3.11.9-6.14.1
      pcp-pmda-zimbra-3.11.9-6.14.1
      pcp-pmda-zswap-3.11.9-6.14.1
      pcp-system-tools-3.11.9-6.14.1
      pcp-webapi-3.11.9-6.14.1
      pcp-webapi-debuginfo-3.11.9-6.14.1
      perl-PCP-LogImport-3.11.9-6.14.1
      perl-PCP-LogImport-debuginfo-3.11.9-6.14.1
      perl-PCP-LogSummary-3.11.9-6.14.1
      perl-PCP-MMV-3.11.9-6.14.1
      perl-PCP-MMV-debuginfo-3.11.9-6.14.1
      perl-PCP-PMDA-3.11.9-6.14.1
      perl-PCP-PMDA-debuginfo-3.11.9-6.14.1
      python-pcp-3.11.9-6.14.1
      python-pcp-debuginfo-3.11.9-6.14.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le x86_64):

      pcp-pmda-infiniband-3.11.9-6.14.1
      pcp-pmda-infiniband-debuginfo-3.11.9-6.14.1
      pcp-pmda-perfevent-3.11.9-6.14.1
      pcp-pmda-perfevent-debuginfo-3.11.9-6.14.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch):

      pcp-doc-3.11.9-6.14.1

References:

   https://www.suse.com/security/cve/CVE-2019-3695.html
   https://www.suse.com/security/cve/CVE-2019-3696.html
   https://bugzilla.suse.com/1129991
   https://bugzilla.suse.com/1152763
   https://bugzilla.suse.com/1153921

From sle-updates at lists.suse.com Fri Feb 7 07:14:10 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 15:14:10 +0100 (CET)
Subject: SUSE-RU-2020:0362-1: moderate: Recommended update for libXi
Message-ID: <20200207141410.B00CBF798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libXi
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:0362-1
Rating:             moderate
References:         #1153311
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for libXi fixes the following issue:

- The libXi6-32bit library on x86_64 is now shipped in the Basesystem module. (bsc#1153311)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-362=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-362=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-362=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  libXi-debugsource-1.7.9-3.2.1
  libXi-devel-32bit-1.7.9-3.2.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64):
  libXi-debugsource-1.7.9-3.2.1
  libXi6-32bit-1.7.9-3.2.1
  libXi6-32bit-debuginfo-1.7.9-3.2.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  libXi-debugsource-1.7.9-3.2.1
  libXi-devel-1.7.9-3.2.1
  libXi6-1.7.9-3.2.1
  libXi6-debuginfo-1.7.9-3.2.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libXi6-32bit-1.7.9-3.2.1
  libXi6-32bit-debuginfo-1.7.9-3.2.1

References:

https://bugzilla.suse.com/1153311

From sle-updates at lists.suse.com Fri Feb 7 07:14:53 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 15:14:53 +0100 (CET)
Subject: SUSE-SU-2020:0357-1: important: Security update for pcp
Message-ID: <20200207141453.36BF6F798@maintenance.suse.de>

SUSE Security Update: Security update for pcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0357-1
Rating: important
References: #1129991 #1152763 #1153921
Cross-References: CVE-2019-3695 CVE-2019-3696
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Development Tools 15
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for pcp fixes the following issues:

Security issue fixed:

- CVE-2019-3696: Fixed a local privilege escalation in migrate_tempdirs() (bsc#1153921).
- CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763).

Non-security issue fixed:

- Fixed a dependency issue with pcp2csv (bsc#1129991).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-357=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-357=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-357=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-357=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-357=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-357=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-357=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpcp-devel-3.11.9-5.8.1 libpcp3-3.11.9-5.8.1 libpcp3-debuginfo-3.11.9-5.8.1 libpcp_gui2-3.11.9-5.8.1 libpcp_gui2-debuginfo-3.11.9-5.8.1 libpcp_import1-3.11.9-5.8.1 libpcp_import1-debuginfo-3.11.9-5.8.1 libpcp_mmv1-3.11.9-5.8.1 libpcp_mmv1-debuginfo-3.11.9-5.8.1 libpcp_trace2-3.11.9-5.8.1 libpcp_trace2-debuginfo-3.11.9-5.8.1 libpcp_web1-3.11.9-5.8.1 libpcp_web1-debuginfo-3.11.9-5.8.1 pcp-3.11.9-5.8.1 pcp-conf-3.11.9-5.8.1 pcp-debuginfo-3.11.9-5.8.1 pcp-debugsource-3.11.9-5.8.1 pcp-devel-3.11.9-5.8.1 pcp-devel-debuginfo-3.11.9-5.8.1 pcp-import-iostat2pcp-3.11.9-5.8.1 pcp-import-mrtg2pcp-3.11.9-5.8.1 pcp-import-sar2pcp-3.11.9-5.8.1 perl-PCP-LogImport-3.11.9-5.8.1 perl-PCP-LogImport-debuginfo-3.11.9-5.8.1 perl-PCP-LogSummary-3.11.9-5.8.1 perl-PCP-MMV-3.11.9-5.8.1 perl-PCP-MMV-debuginfo-3.11.9-5.8.1 perl-PCP-PMDA-3.11.9-5.8.1 perl-PCP-PMDA-debuginfo-3.11.9-5.8.1 python-pcp-3.11.9-5.8.1 python-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): pcp-doc-3.11.9-5.8.1 - SUSE 
Linux Enterprise Server 15-LTSS (aarch64 s390x): libpcp-devel-3.11.9-5.8.1 libpcp3-3.11.9-5.8.1 libpcp3-debuginfo-3.11.9-5.8.1 libpcp_gui2-3.11.9-5.8.1 libpcp_gui2-debuginfo-3.11.9-5.8.1 libpcp_import1-3.11.9-5.8.1 libpcp_import1-debuginfo-3.11.9-5.8.1 libpcp_mmv1-3.11.9-5.8.1 libpcp_mmv1-debuginfo-3.11.9-5.8.1 libpcp_trace2-3.11.9-5.8.1 libpcp_trace2-debuginfo-3.11.9-5.8.1 libpcp_web1-3.11.9-5.8.1 libpcp_web1-debuginfo-3.11.9-5.8.1 pcp-3.11.9-5.8.1 pcp-conf-3.11.9-5.8.1 pcp-debuginfo-3.11.9-5.8.1 pcp-debugsource-3.11.9-5.8.1 pcp-devel-3.11.9-5.8.1 pcp-devel-debuginfo-3.11.9-5.8.1 pcp-import-iostat2pcp-3.11.9-5.8.1 pcp-import-mrtg2pcp-3.11.9-5.8.1 pcp-import-sar2pcp-3.11.9-5.8.1 perl-PCP-LogImport-3.11.9-5.8.1 perl-PCP-LogImport-debuginfo-3.11.9-5.8.1 perl-PCP-LogSummary-3.11.9-5.8.1 perl-PCP-MMV-3.11.9-5.8.1 perl-PCP-MMV-debuginfo-3.11.9-5.8.1 perl-PCP-PMDA-3.11.9-5.8.1 perl-PCP-PMDA-debuginfo-3.11.9-5.8.1 python-pcp-3.11.9-5.8.1 python-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): pcp-doc-3.11.9-5.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): pcp-pmda-kvm-3.11.9-5.8.1 pcp-pmda-postgresql-3.11.9-5.8.1 python-pcp-3.11.9-5.8.1 python-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): pcp-debuginfo-3.11.9-5.8.1 pcp-debugsource-3.11.9-5.8.1 pcp-export-pcp2graphite-3.11.9-5.8.1 pcp-export-pcp2influxdb-3.11.9-5.8.1 pcp-export-zabbix-agent-3.11.9-5.8.1 pcp-export-zabbix-agent-debuginfo-3.11.9-5.8.1 pcp-gui-3.11.9-5.8.1 pcp-gui-debuginfo-3.11.9-5.8.1 pcp-import-collectl2pcp-3.11.9-5.8.1 pcp-import-collectl2pcp-debuginfo-3.11.9-5.8.1 pcp-import-ganglia2pcp-3.11.9-5.8.1 pcp-manager-3.11.9-5.8.1 pcp-manager-debuginfo-3.11.9-5.8.1 pcp-pmda-activemq-3.11.9-5.8.1 pcp-pmda-apache-3.11.9-5.8.1 pcp-pmda-apache-debuginfo-3.11.9-5.8.1 pcp-pmda-bash-3.11.9-5.8.1 pcp-pmda-bash-debuginfo-3.11.9-5.8.1 
pcp-pmda-bind2-3.11.9-5.8.1 pcp-pmda-bonding-3.11.9-5.8.1 pcp-pmda-cifs-3.11.9-5.8.1 pcp-pmda-cifs-debuginfo-3.11.9-5.8.1 pcp-pmda-cisco-3.11.9-5.8.1 pcp-pmda-cisco-debuginfo-3.11.9-5.8.1 pcp-pmda-dbping-3.11.9-5.8.1 pcp-pmda-dm-3.11.9-5.8.1 pcp-pmda-dm-debuginfo-3.11.9-5.8.1 pcp-pmda-docker-3.11.9-5.8.1 pcp-pmda-docker-debuginfo-3.11.9-5.8.1 pcp-pmda-ds389-3.11.9-5.8.1 pcp-pmda-ds389log-3.11.9-5.8.1 pcp-pmda-elasticsearch-3.11.9-5.8.1 pcp-pmda-gfs2-3.11.9-5.8.1 pcp-pmda-gfs2-debuginfo-3.11.9-5.8.1 pcp-pmda-gluster-3.11.9-5.8.1 pcp-pmda-gpfs-3.11.9-5.8.1 pcp-pmda-gpsd-3.11.9-5.8.1 pcp-pmda-json-3.11.9-5.8.1 pcp-pmda-kvm-3.11.9-5.8.1 pcp-pmda-lmsensors-3.11.9-5.8.1 pcp-pmda-lmsensors-debuginfo-3.11.9-5.8.1 pcp-pmda-logger-3.11.9-5.8.1 pcp-pmda-logger-debuginfo-3.11.9-5.8.1 pcp-pmda-lustre-3.11.9-5.8.1 pcp-pmda-lustrecomm-3.11.9-5.8.1 pcp-pmda-lustrecomm-debuginfo-3.11.9-5.8.1 pcp-pmda-mailq-3.11.9-5.8.1 pcp-pmda-mailq-debuginfo-3.11.9-5.8.1 pcp-pmda-memcache-3.11.9-5.8.1 pcp-pmda-mic-3.11.9-5.8.1 pcp-pmda-mounts-3.11.9-5.8.1 pcp-pmda-mounts-debuginfo-3.11.9-5.8.1 pcp-pmda-mysql-3.11.9-5.8.1 pcp-pmda-named-3.11.9-5.8.1 pcp-pmda-netfilter-3.11.9-5.8.1 pcp-pmda-news-3.11.9-5.8.1 pcp-pmda-nfsclient-3.11.9-5.8.1 pcp-pmda-nginx-3.11.9-5.8.1 pcp-pmda-nutcracker-3.11.9-5.8.1 pcp-pmda-nvidia-gpu-3.11.9-5.8.1 pcp-pmda-nvidia-gpu-debuginfo-3.11.9-5.8.1 pcp-pmda-oracle-3.11.9-5.8.1 pcp-pmda-pdns-3.11.9-5.8.1 pcp-pmda-postfix-3.11.9-5.8.1 pcp-pmda-postgresql-3.11.9-5.8.1 pcp-pmda-redis-3.11.9-5.8.1 pcp-pmda-roomtemp-3.11.9-5.8.1 pcp-pmda-roomtemp-debuginfo-3.11.9-5.8.1 pcp-pmda-rpm-3.11.9-5.8.1 pcp-pmda-rpm-debuginfo-3.11.9-5.8.1 pcp-pmda-rsyslog-3.11.9-5.8.1 pcp-pmda-samba-3.11.9-5.8.1 pcp-pmda-sendmail-3.11.9-5.8.1 pcp-pmda-sendmail-debuginfo-3.11.9-5.8.1 pcp-pmda-shping-3.11.9-5.8.1 pcp-pmda-shping-debuginfo-3.11.9-5.8.1 pcp-pmda-slurm-3.11.9-5.8.1 pcp-pmda-snmp-3.11.9-5.8.1 pcp-pmda-summary-3.11.9-5.8.1 pcp-pmda-summary-debuginfo-3.11.9-5.8.1 pcp-pmda-systemd-3.11.9-5.8.1 
pcp-pmda-systemd-debuginfo-3.11.9-5.8.1 pcp-pmda-trace-3.11.9-5.8.1 pcp-pmda-trace-debuginfo-3.11.9-5.8.1 pcp-pmda-unbound-3.11.9-5.8.1 pcp-pmda-vmware-3.11.9-5.8.1 pcp-pmda-weblog-3.11.9-5.8.1 pcp-pmda-weblog-debuginfo-3.11.9-5.8.1 pcp-pmda-zimbra-3.11.9-5.8.1 pcp-pmda-zswap-3.11.9-5.8.1 pcp-system-tools-3.11.9-5.8.1 pcp-system-tools-debuginfo-3.11.9-5.8.1 pcp-testsuite-3.11.9-5.8.1 pcp-testsuite-debuginfo-3.11.9-5.8.1 pcp-webapi-3.11.9-5.8.1 pcp-webapi-debuginfo-3.11.9-5.8.1 python3-pcp-3.11.9-5.8.1 python3-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libpcp-devel-3.11.9-5.8.1 libpcp3-3.11.9-5.8.1 libpcp3-debuginfo-3.11.9-5.8.1 libpcp_gui2-3.11.9-5.8.1 libpcp_gui2-debuginfo-3.11.9-5.8.1 libpcp_import1-3.11.9-5.8.1 libpcp_import1-debuginfo-3.11.9-5.8.1 libpcp_mmv1-3.11.9-5.8.1 libpcp_mmv1-debuginfo-3.11.9-5.8.1 libpcp_trace2-3.11.9-5.8.1 libpcp_trace2-debuginfo-3.11.9-5.8.1 libpcp_web1-3.11.9-5.8.1 libpcp_web1-debuginfo-3.11.9-5.8.1 pcp-3.11.9-5.8.1 pcp-conf-3.11.9-5.8.1 pcp-debuginfo-3.11.9-5.8.1 pcp-debugsource-3.11.9-5.8.1 pcp-devel-3.11.9-5.8.1 pcp-devel-debuginfo-3.11.9-5.8.1 pcp-import-iostat2pcp-3.11.9-5.8.1 pcp-import-mrtg2pcp-3.11.9-5.8.1 pcp-import-sar2pcp-3.11.9-5.8.1 perl-PCP-LogImport-3.11.9-5.8.1 perl-PCP-LogImport-debuginfo-3.11.9-5.8.1 perl-PCP-LogSummary-3.11.9-5.8.1 perl-PCP-MMV-3.11.9-5.8.1 perl-PCP-MMV-debuginfo-3.11.9-5.8.1 perl-PCP-PMDA-3.11.9-5.8.1 perl-PCP-PMDA-debuginfo-3.11.9-5.8.1 python-pcp-3.11.9-5.8.1 python-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): pcp-doc-3.11.9-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpcp-devel-3.11.9-5.8.1 libpcp3-3.11.9-5.8.1 libpcp3-debuginfo-3.11.9-5.8.1 libpcp_gui2-3.11.9-5.8.1 libpcp_gui2-debuginfo-3.11.9-5.8.1 libpcp_import1-3.11.9-5.8.1 libpcp_import1-debuginfo-3.11.9-5.8.1 libpcp_mmv1-3.11.9-5.8.1 libpcp_mmv1-debuginfo-3.11.9-5.8.1 
libpcp_trace2-3.11.9-5.8.1 libpcp_trace2-debuginfo-3.11.9-5.8.1 libpcp_web1-3.11.9-5.8.1 libpcp_web1-debuginfo-3.11.9-5.8.1 pcp-3.11.9-5.8.1 pcp-conf-3.11.9-5.8.1 pcp-debuginfo-3.11.9-5.8.1 pcp-debugsource-3.11.9-5.8.1 pcp-devel-3.11.9-5.8.1 pcp-devel-debuginfo-3.11.9-5.8.1 pcp-import-iostat2pcp-3.11.9-5.8.1 pcp-import-mrtg2pcp-3.11.9-5.8.1 pcp-import-sar2pcp-3.11.9-5.8.1 perl-PCP-LogImport-3.11.9-5.8.1 perl-PCP-LogImport-debuginfo-3.11.9-5.8.1 perl-PCP-LogSummary-3.11.9-5.8.1 perl-PCP-MMV-3.11.9-5.8.1 perl-PCP-MMV-debuginfo-3.11.9-5.8.1 perl-PCP-PMDA-3.11.9-5.8.1 perl-PCP-PMDA-debuginfo-3.11.9-5.8.1 python-pcp-3.11.9-5.8.1 python-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): pcp-doc-3.11.9-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpcp-devel-3.11.9-5.8.1 libpcp3-3.11.9-5.8.1 libpcp3-debuginfo-3.11.9-5.8.1 libpcp_gui2-3.11.9-5.8.1 libpcp_gui2-debuginfo-3.11.9-5.8.1 libpcp_import1-3.11.9-5.8.1 libpcp_import1-debuginfo-3.11.9-5.8.1 libpcp_mmv1-3.11.9-5.8.1 libpcp_mmv1-debuginfo-3.11.9-5.8.1 libpcp_trace2-3.11.9-5.8.1 libpcp_trace2-debuginfo-3.11.9-5.8.1 libpcp_web1-3.11.9-5.8.1 libpcp_web1-debuginfo-3.11.9-5.8.1 pcp-3.11.9-5.8.1 pcp-conf-3.11.9-5.8.1 pcp-debuginfo-3.11.9-5.8.1 pcp-debugsource-3.11.9-5.8.1 pcp-devel-3.11.9-5.8.1 pcp-devel-debuginfo-3.11.9-5.8.1 pcp-import-iostat2pcp-3.11.9-5.8.1 pcp-import-mrtg2pcp-3.11.9-5.8.1 pcp-import-sar2pcp-3.11.9-5.8.1 perl-PCP-LogImport-3.11.9-5.8.1 perl-PCP-LogImport-debuginfo-3.11.9-5.8.1 perl-PCP-LogSummary-3.11.9-5.8.1 perl-PCP-MMV-3.11.9-5.8.1 perl-PCP-MMV-debuginfo-3.11.9-5.8.1 perl-PCP-PMDA-3.11.9-5.8.1 perl-PCP-PMDA-debuginfo-3.11.9-5.8.1 python-pcp-3.11.9-5.8.1 python-pcp-debuginfo-3.11.9-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): pcp-doc-3.11.9-5.8.1 References: https://www.suse.com/security/cve/CVE-2019-3695.html https://www.suse.com/security/cve/CVE-2019-3696.html 
https://bugzilla.suse.com/1129991 https://bugzilla.suse.com/1152763 https://bugzilla.suse.com/1153921 From sle-updates at lists.suse.com Fri Feb 7 07:15:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 15:15:51 +0100 (CET) Subject: SUSE-SU-2020:0360-1: moderate: Security update for e2fsprogs Message-ID: <20200207141551.D6712F79E@maintenance.suse.de> SUSE Security Update: Security update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0360-1 Rating: moderate References: #1160571 Cross-References: CVE-2019-5188 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-360=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-360=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-360=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-360=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-360=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): e2fsprogs-debuginfo-1.43.8-3.11.1 e2fsprogs-debugsource-1.43.8-3.11.1 e2fsprogs-devel-1.43.8-3.11.1 libcom_err-devel-1.43.8-3.11.1 libext2fs-devel-1.43.8-3.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): e2fsprogs-debuginfo-1.43.8-3.11.1 e2fsprogs-debugsource-1.43.8-3.11.1 e2fsprogs-devel-1.43.8-3.11.1 libcom_err-devel-1.43.8-3.11.1 libext2fs-devel-1.43.8-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-3.11.1 e2fsprogs-debuginfo-1.43.8-3.11.1 e2fsprogs-debugsource-1.43.8-3.11.1 libcom_err2-1.43.8-3.11.1 libcom_err2-debuginfo-1.43.8-3.11.1 libext2fs2-1.43.8-3.11.1 libext2fs2-debuginfo-1.43.8-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): e2fsprogs-debuginfo-32bit-1.43.8-3.11.1 libcom_err2-32bit-1.43.8-3.11.1 libcom_err2-debuginfo-32bit-1.43.8-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-3.11.1 e2fsprogs-debuginfo-1.43.8-3.11.1 e2fsprogs-debugsource-1.43.8-3.11.1 libcom_err2-1.43.8-3.11.1 libcom_err2-debuginfo-1.43.8-3.11.1 libext2fs2-1.43.8-3.11.1 libext2fs2-debuginfo-1.43.8-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): e2fsprogs-debuginfo-32bit-1.43.8-3.11.1 libcom_err2-32bit-1.43.8-3.11.1 libcom_err2-debuginfo-32bit-1.43.8-3.11.1 - SUSE Linux Enterprise 
Desktop 12-SP4 (x86_64): e2fsprogs-1.43.8-3.11.1 e2fsprogs-debuginfo-1.43.8-3.11.1 e2fsprogs-debuginfo-32bit-1.43.8-3.11.1 e2fsprogs-debugsource-1.43.8-3.11.1 libcom_err2-1.43.8-3.11.1 libcom_err2-32bit-1.43.8-3.11.1 libcom_err2-debuginfo-1.43.8-3.11.1 libcom_err2-debuginfo-32bit-1.43.8-3.11.1 libext2fs2-1.43.8-3.11.1 libext2fs2-debuginfo-1.43.8-3.11.1 References: https://www.suse.com/security/cve/CVE-2019-5188.html https://bugzilla.suse.com/1160571 From sle-updates at lists.suse.com Fri Feb 7 07:16:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 15:16:32 +0100 (CET) Subject: SUSE-RU-2020:0361-1: moderate: Recommended update for kernel-firmware Message-ID: <20200207141632.51754F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0361-1 Rating: moderate References: #1143331 #1160204 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

This update for kernel-firmware fixes the following issues:

Update to version 20200107 (git commit 67d4ff59bf33):

* Mellanox: Add new mlxsw_spectrum firmware xx.2000.2714
* radeon: update oland rlc microcode from amdgpu
* amdgpu: update vega20 microcode for 19.50
* amdgpu: update vega12 microcode for 19.50
* amdgpu: update vega10 microcode for 19.50
* amdgpu: update picasso microcode for 19.50
* amdgpu: update raven2 microcode for 19.50
* amdgpu: update raven microcode for 19.50
* amdgpu: update navi10 microcode for 19.50
* amdgpu: update navi14 microcode for 19.50
* amdgpu: add TA microcode for Raven asics
* qed: Add firmware 8.42.2.0
* Adjust WHENCE entry to check_whence doesn't complain
* qcom: Switch SDM845 WLAN firmware
* linux-firmware: add NXP firmware licence file
* ath10k: WCN3990 hw1.0: add firmware WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
* ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00070
* ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00047
* ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00070
* ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00047
* ath10k: QCA6174 hw3.0: update board-2.bin
* linux-firmware: Update AMD cpu microcode (bsc#1160204)
* inside-secure: add new "mini" firmware for the EIP197 driver
* WHENCE: Add raspberry-pi4 SDIO file
* qcom: update venus firmware files for v5.4
* cxgb4: Update firmware to revision 1.24.11.0
* brcm: Add BCM43455 NVRAM for Raspberry Pi 4 B
* qcom: Add SDM845 Compute DSP firmware
* qcom: Add SDM845 Audio DSP firmware
* qcom: Add SDM845 modem firmware

This patch reverts vega10_sos.bin again as the latest firmware still broken for SLE15-SP1 (4.19 DRM-base) amdgpu driver (bsc#1143331)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-361=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-firmware-20200107-3.12.1 ucode-amd-20200107-3.12.1 References: https://bugzilla.suse.com/1143331 https://bugzilla.suse.com/1160204 From sle-updates at lists.suse.com Fri Feb 7 07:17:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 15:17:21 +0100 (CET) Subject: SUSE-SU-2020:0358-1: important: Security update for wicked Message-ID: <20200207141721.2DCD2F79E@maintenance.suse.de> SUSE Security Update: Security update for wicked ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0358-1 Rating: important References: #1142214 #1160903 #1160904 #1160905 #1160906 Cross-References: CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-358=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-358=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): wicked-0.6.60-28.26.1 wicked-debuginfo-0.6.60-28.26.1 wicked-debugsource-0.6.60-28.26.1 wicked-service-0.6.60-28.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): wicked-0.6.60-28.26.1 wicked-debuginfo-0.6.60-28.26.1 wicked-debugsource-0.6.60-28.26.1 wicked-service-0.6.60-28.26.1 References: https://www.suse.com/security/cve/CVE-2019-18902.html https://www.suse.com/security/cve/CVE-2019-18903.html https://www.suse.com/security/cve/CVE-2020-7216.html https://www.suse.com/security/cve/CVE-2020-7217.html https://bugzilla.suse.com/1142214 https://bugzilla.suse.com/1160903 https://bugzilla.suse.com/1160904 https://bugzilla.suse.com/1160905 https://bugzilla.suse.com/1160906 From sle-updates at lists.suse.com Fri Feb 7 07:18:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 15:18:26 +0100 (CET) Subject: SUSE-RU-2020:0363-1: moderate: Recommended update for gssproxy Message-ID: <20200207141826.CC83EF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gssproxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0363-1 Rating: moderate References: #1024309 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships gssproxy to SUSE Linux Enterprise Server. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-363=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gssproxy-0.8.2-4.2.1 gssproxy-debuginfo-0.8.2-4.2.1 References: https://bugzilla.suse.com/1024309 From sle-updates at lists.suse.com Fri Feb 7 07:12:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 15:12:21 +0100 (CET) Subject: SUSE-SU-2020:0359-1: moderate: Security update for rubygem-rack Message-ID: <20200207141221.D5FC2F798@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0359-1 Rating: moderate References: #1114828 #1116600 #1159548 Cross-References: CVE-2018-16471 CVE-2019-16782 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-359=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-359=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-359=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-doc-2.0.8-3.3.1 ruby2.5-rubygem-rack-testsuite-2.0.8-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16471.html https://www.suse.com/security/cve/CVE-2019-16782.html https://bugzilla.suse.com/1114828 https://bugzilla.suse.com/1116600 https://bugzilla.suse.com/1159548 From sle-updates at lists.suse.com Fri Feb 7 10:11:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:11:25 +0100 (CET) Subject: SUSE-SU-2020:0369-1: important: Security update for wicked Message-ID: <20200207171125.4A320F796@maintenance.suse.de> SUSE Security Update: Security update for wicked ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0369-1 Rating: important References: #1160903 #1160904 #1160905 #1160906 Cross-References: CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-369=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-369=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): wicked-0.6.60-2.18.1 wicked-debuginfo-0.6.60-2.18.1 wicked-debugsource-0.6.60-2.18.1 wicked-service-0.6.60-2.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): wicked-0.6.60-2.18.1 wicked-debuginfo-0.6.60-2.18.1 wicked-debugsource-0.6.60-2.18.1 wicked-service-0.6.60-2.18.1 References: https://www.suse.com/security/cve/CVE-2019-18902.html https://www.suse.com/security/cve/CVE-2019-18903.html https://www.suse.com/security/cve/CVE-2020-7216.html https://www.suse.com/security/cve/CVE-2020-7217.html https://bugzilla.suse.com/1160903 https://bugzilla.suse.com/1160904 https://bugzilla.suse.com/1160905 https://bugzilla.suse.com/1160906 From sle-updates at lists.suse.com Fri Feb 7 10:12:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:12:25 +0100 (CET) Subject: SUSE-RU-2020:0365-1: moderate: Recommended update for lmdb Message-ID: <20200207171225.653F9F796@maintenance.suse.de> SUSE Recommended Update: Recommended update for lmdb 
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0365-1
Rating: moderate
References: #1159086
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for lmdb fixes the following issues:

- Fix assert in LMDB during 'mdb_page_search_root'. (bsc#1159086).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-365=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-365=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  lmdb-0.9.17-4.6.2
  lmdb-debuginfo-0.9.17-4.6.2
  lmdb-debugsource-0.9.17-4.6.2
  lmdb-devel-0.9.17-4.6.2
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x):
  liblmdb-0_9_17-0.9.17-4.6.2
  liblmdb-0_9_17-debuginfo-0.9.17-4.6.2
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  liblmdb-0_9_17-32bit-0.9.17-4.6.2
  liblmdb-0_9_17-32bit-debuginfo-0.9.17-4.6.2
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  liblmdb-0_9_17-0.9.17-4.6.2
  liblmdb-0_9_17-debuginfo-0.9.17-4.6.2
  lmdb-debuginfo-0.9.17-4.6.2
  lmdb-debugsource-0.9.17-4.6.2

References:

https://bugzilla.suse.com/1159086

From sle-updates at lists.suse.com Fri Feb 7 10:13:05 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020
18:13:05 +0100 (CET) Subject: SUSE-RU-2020:0374-1: moderate: Recommended update for python-pyparsing Message-ID: <20200207171305.B84AEF796@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pyparsing ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0374-1 Rating: moderate References: #1122668 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-pyparsing 2.2.0: - Bumped minor version number to reflect compatibility issues with OneOrMore and ZeroOrMore bugfixes in 2.1.10. (2.1.10 fixed a bug that was introduced in 2.1.4, but the fix could break code written against 2.1.4 - 2.1.9.) - Updated setup.py to address recursive import problems now that pyparsing is part of 'packaging' (used by setuptools). Patch submitted by Joshua Root, much thanks! - Fixed KeyError issue reported by Yann Bizeul when using packrat parsing in the Graphite time series database, thanks Yann! - Fixed incorrect usages of '\' in literals, as described in https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior Patch submitted by Ville Skytt?? - thanks! - Minor internal change when using '-' operator, to be compatible with ParserElement.streamline() method. - Expanded infixNotation to accept a list or tuple of parse actions to attach to an operation. - New unit test added for dill support for storing pyparsing parsers. Ordinary Python pickle can be used to pickle pyparsing parsers as long as they do not use any parse actions. 
The 'dill' module is an extension to pickle which *does* support pickling of attached It also provides python3 builds. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-374=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-374=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-374=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-374=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-374=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-374=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-374=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-374=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-374=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - SUSE Enterprise Storage 5 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 - 
HPE Helion Openstack 8 (noarch): python-pyparsing-2.2.0-3.3.1 python3-pyparsing-2.2.0-3.3.1 References: https://bugzilla.suse.com/1122668 From sle-updates at lists.suse.com Fri Feb 7 10:13:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:13:49 +0100 (CET) Subject: SUSE-SU-2020:0372-1: moderate: Security update for LibreOffice Message-ID: <20200207171349.9663DF796@maintenance.suse.de> SUSE Security Update: Security update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0372-1 Rating: moderate References: #1061210 #1105173 #1144522 #1152684 Cross-References: CVE-2019-9853 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684). Other issues addressed: - Dropped disable-kde4 switch, since it is no longer known by configure - Disabled gtk2 because it will be removed in future releases - librelogo is now a standalone sub-package (bsc#1144522). - Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210). cmis-client was updated to 0.5.2: * Removed header for Uuid's sha1 header (bsc#1105173). 
* Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from "make check". A new "make cppcheck" target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck libixion was updated to 0.15.0: * Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues libmwaw was updated to 0.3.15: * Fixed fuzzing issues liborcus was updated to 0.15.3: * Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes mdds was updated to 1.5.0: * API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree. myspell-dictionaries was updated to 20191016: * Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for "ca" spdlog was updated to 0.16.3: * Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function bluez changes: * lib: Changed bluetooth.h to compile in strict C gperf was updated to 3.1: * The generated C code is now in ANSI-C by default. * Added option --constants-prefix. * Added declaration %define constants-prefix. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-372=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-372=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-372=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-372=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-372=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-372=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): libreoffice-branding-upstream-6.3.3.2-43.59.5 libreoffice-icon-themes-6.3.3.2-43.59.5 libreoffice-l10n-af-6.3.3.2-43.59.5 libreoffice-l10n-ar-6.3.3.2-43.59.5 libreoffice-l10n-bg-6.3.3.2-43.59.5 libreoffice-l10n-ca-6.3.3.2-43.59.5 libreoffice-l10n-cs-6.3.3.2-43.59.5 libreoffice-l10n-da-6.3.3.2-43.59.5 libreoffice-l10n-de-6.3.3.2-43.59.5 libreoffice-l10n-en-6.3.3.2-43.59.5 libreoffice-l10n-es-6.3.3.2-43.59.5 libreoffice-l10n-fi-6.3.3.2-43.59.5 libreoffice-l10n-fr-6.3.3.2-43.59.5 libreoffice-l10n-gu-6.3.3.2-43.59.5 libreoffice-l10n-hi-6.3.3.2-43.59.5 libreoffice-l10n-hr-6.3.3.2-43.59.5 libreoffice-l10n-hu-6.3.3.2-43.59.5 libreoffice-l10n-it-6.3.3.2-43.59.5 libreoffice-l10n-ja-6.3.3.2-43.59.5 libreoffice-l10n-ko-6.3.3.2-43.59.5 libreoffice-l10n-lt-6.3.3.2-43.59.5 libreoffice-l10n-nb-6.3.3.2-43.59.5 libreoffice-l10n-nl-6.3.3.2-43.59.5 libreoffice-l10n-nn-6.3.3.2-43.59.5 libreoffice-l10n-pl-6.3.3.2-43.59.5 libreoffice-l10n-pt_BR-6.3.3.2-43.59.5 libreoffice-l10n-pt_PT-6.3.3.2-43.59.5 libreoffice-l10n-ro-6.3.3.2-43.59.5 libreoffice-l10n-ru-6.3.3.2-43.59.5 libreoffice-l10n-sk-6.3.3.2-43.59.5 libreoffice-l10n-sv-6.3.3.2-43.59.5 libreoffice-l10n-uk-6.3.3.2-43.59.5 libreoffice-l10n-xh-6.3.3.2-43.59.5 libreoffice-l10n-zh_CN-6.3.3.2-43.59.5 
libreoffice-l10n-zh_TW-6.3.3.2-43.59.5 libreoffice-l10n-zu-6.3.3.2-43.59.5 myspell-af_NA-20191016-16.21.1 myspell-af_ZA-20191016-16.21.1 myspell-ar-20191016-16.21.1 myspell-ar_AE-20191016-16.21.1 myspell-ar_BH-20191016-16.21.1 myspell-ar_DZ-20191016-16.21.1 myspell-ar_EG-20191016-16.21.1 myspell-ar_IQ-20191016-16.21.1 myspell-ar_JO-20191016-16.21.1 myspell-ar_KW-20191016-16.21.1 myspell-ar_LB-20191016-16.21.1 myspell-ar_LY-20191016-16.21.1 myspell-ar_MA-20191016-16.21.1 myspell-ar_OM-20191016-16.21.1 myspell-ar_QA-20191016-16.21.1 myspell-ar_SA-20191016-16.21.1 myspell-ar_SD-20191016-16.21.1 myspell-ar_SY-20191016-16.21.1 myspell-ar_TN-20191016-16.21.1 myspell-ar_YE-20191016-16.21.1 myspell-be_BY-20191016-16.21.1 myspell-bg_BG-20191016-16.21.1 myspell-bn_BD-20191016-16.21.1 myspell-bn_IN-20191016-16.21.1 myspell-bs-20191016-16.21.1 myspell-bs_BA-20191016-16.21.1 myspell-ca-20191016-16.21.1 myspell-ca_AD-20191016-16.21.1 myspell-ca_ES-20191016-16.21.1 myspell-ca_ES_valencia-20191016-16.21.1 myspell-ca_FR-20191016-16.21.1 myspell-ca_IT-20191016-16.21.1 myspell-cs_CZ-20191016-16.21.1 myspell-da_DK-20191016-16.21.1 myspell-de-20191016-16.21.1 myspell-de_AT-20191016-16.21.1 myspell-de_CH-20191016-16.21.1 myspell-de_DE-20191016-16.21.1 myspell-el_GR-20191016-16.21.1 myspell-en-20191016-16.21.1 myspell-en_AU-20191016-16.21.1 myspell-en_BS-20191016-16.21.1 myspell-en_BZ-20191016-16.21.1 myspell-en_CA-20191016-16.21.1 myspell-en_GB-20191016-16.21.1 myspell-en_GH-20191016-16.21.1 myspell-en_IE-20191016-16.21.1 myspell-en_IN-20191016-16.21.1 myspell-en_JM-20191016-16.21.1 myspell-en_MW-20191016-16.21.1 myspell-en_NA-20191016-16.21.1 myspell-en_NZ-20191016-16.21.1 myspell-en_PH-20191016-16.21.1 myspell-en_TT-20191016-16.21.1 myspell-en_US-20191016-16.21.1 myspell-en_ZA-20191016-16.21.1 myspell-en_ZW-20191016-16.21.1 myspell-es-20191016-16.21.1 myspell-es_AR-20191016-16.21.1 myspell-es_BO-20191016-16.21.1 myspell-es_CL-20191016-16.21.1 myspell-es_CO-20191016-16.21.1 
myspell-es_CR-20191016-16.21.1 myspell-es_CU-20191016-16.21.1 myspell-es_DO-20191016-16.21.1 myspell-es_EC-20191016-16.21.1 myspell-es_ES-20191016-16.21.1 myspell-es_GT-20191016-16.21.1 myspell-es_HN-20191016-16.21.1 myspell-es_MX-20191016-16.21.1 myspell-es_NI-20191016-16.21.1 myspell-es_PA-20191016-16.21.1 myspell-es_PE-20191016-16.21.1 myspell-es_PR-20191016-16.21.1 myspell-es_PY-20191016-16.21.1 myspell-es_SV-20191016-16.21.1 myspell-es_UY-20191016-16.21.1 myspell-es_VE-20191016-16.21.1 myspell-et_EE-20191016-16.21.1 myspell-fr_BE-20191016-16.21.1 myspell-fr_CA-20191016-16.21.1 myspell-fr_CH-20191016-16.21.1 myspell-fr_FR-20191016-16.21.1 myspell-fr_LU-20191016-16.21.1 myspell-fr_MC-20191016-16.21.1 myspell-gu_IN-20191016-16.21.1 myspell-he_IL-20191016-16.21.1 myspell-hi_IN-20191016-16.21.1 myspell-hr_HR-20191016-16.21.1 myspell-hu_HU-20191016-16.21.1 myspell-id-20191016-16.21.1 myspell-id_ID-20191016-16.21.1 myspell-it_IT-20191016-16.21.1 myspell-lo_LA-20191016-16.21.1 myspell-lt_LT-20191016-16.21.1 myspell-lv_LV-20191016-16.21.1 myspell-nb_NO-20191016-16.21.1 myspell-nl_BE-20191016-16.21.1 myspell-nl_NL-20191016-16.21.1 myspell-nn_NO-20191016-16.21.1 myspell-no-20191016-16.21.1 myspell-pl_PL-20191016-16.21.1 myspell-pt_AO-20191016-16.21.1 myspell-pt_BR-20191016-16.21.1 myspell-pt_PT-20191016-16.21.1 myspell-ro-20191016-16.21.1 myspell-ro_RO-20191016-16.21.1 myspell-ru_RU-20191016-16.21.1 myspell-sk_SK-20191016-16.21.1 myspell-sl_SI-20191016-16.21.1 myspell-sr-20191016-16.21.1 myspell-sr_CS-20191016-16.21.1 myspell-sr_Latn_CS-20191016-16.21.1 myspell-sr_Latn_RS-20191016-16.21.1 myspell-sr_RS-20191016-16.21.1 myspell-sv_FI-20191016-16.21.1 myspell-sv_SE-20191016-16.21.1 myspell-te-20191016-16.21.1 myspell-te_IN-20191016-16.21.1 myspell-th_TH-20191016-16.21.1 myspell-uk_UA-20191016-16.21.1 myspell-vi-20191016-16.21.1 myspell-vi_VN-20191016-16.21.1 myspell-zu_ZA-20191016-16.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): bluez-cups-5.13-5.20.6 
bluez-cups-debuginfo-5.13-5.20.6 bluez-debuginfo-5.13-5.20.6 bluez-debugsource-5.13-5.20.6 cmis-client-debuginfo-0.5.2-9.3.1 cmis-client-debugsource-0.5.2-9.3.1 libcmis-0_5-5-0.5.2-9.3.1 libcmis-0_5-5-debuginfo-0.5.2-9.3.1 libixion-0_15-0-0.15.0-13.12.1 libixion-0_15-0-debuginfo-0.15.0-13.12.1 libixion-debugsource-0.15.0-13.12.1 libmwaw-0_3-3-0.3.15-7.15.1 libmwaw-0_3-3-debuginfo-0.3.15-7.15.1 libmwaw-debugsource-0.3.15-7.15.1 liborcus-0_15-0-0.15.3-10.15.1 liborcus-0_15-0-debuginfo-0.15.3-10.15.1 liborcus-debugsource-0.15.3-10.15.1 libreoffice-6.3.3.2-43.59.5 libreoffice-base-6.3.3.2-43.59.5 libreoffice-base-debuginfo-6.3.3.2-43.59.5 libreoffice-base-drivers-postgresql-6.3.3.2-43.59.5 libreoffice-base-drivers-postgresql-debuginfo-6.3.3.2-43.59.5 libreoffice-calc-6.3.3.2-43.59.5 libreoffice-calc-debuginfo-6.3.3.2-43.59.5 libreoffice-calc-extensions-6.3.3.2-43.59.5 libreoffice-debuginfo-6.3.3.2-43.59.5 libreoffice-debugsource-6.3.3.2-43.59.5 libreoffice-draw-6.3.3.2-43.59.5 libreoffice-draw-debuginfo-6.3.3.2-43.59.5 libreoffice-filters-optional-6.3.3.2-43.59.5 libreoffice-gnome-6.3.3.2-43.59.5 libreoffice-gnome-debuginfo-6.3.3.2-43.59.5 libreoffice-impress-6.3.3.2-43.59.5 libreoffice-impress-debuginfo-6.3.3.2-43.59.5 libreoffice-librelogo-6.3.3.2-43.59.5 libreoffice-mailmerge-6.3.3.2-43.59.5 libreoffice-math-6.3.3.2-43.59.5 libreoffice-math-debuginfo-6.3.3.2-43.59.5 libreoffice-officebean-6.3.3.2-43.59.5 libreoffice-officebean-debuginfo-6.3.3.2-43.59.5 libreoffice-pyuno-6.3.3.2-43.59.5 libreoffice-pyuno-debuginfo-6.3.3.2-43.59.5 libreoffice-writer-6.3.3.2-43.59.5 libreoffice-writer-debuginfo-6.3.3.2-43.59.5 libreoffice-writer-extensions-6.3.3.2-43.59.5 myspell-dictionaries-20191016-16.21.1 myspell-lightproof-en-20191016-16.21.1 myspell-lightproof-hu_HU-20191016-16.21.1 myspell-lightproof-pt_BR-20191016-16.21.1 myspell-lightproof-ru_RU-20191016-16.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libreoffice-branding-upstream-6.3.3.2-43.59.5 
libreoffice-icon-themes-6.3.3.2-43.59.5 libreoffice-l10n-af-6.3.3.2-43.59.5 libreoffice-l10n-ar-6.3.3.2-43.59.5 libreoffice-l10n-bg-6.3.3.2-43.59.5 libreoffice-l10n-ca-6.3.3.2-43.59.5 libreoffice-l10n-cs-6.3.3.2-43.59.5 libreoffice-l10n-da-6.3.3.2-43.59.5 libreoffice-l10n-de-6.3.3.2-43.59.5 libreoffice-l10n-en-6.3.3.2-43.59.5 libreoffice-l10n-es-6.3.3.2-43.59.5 libreoffice-l10n-fi-6.3.3.2-43.59.5 libreoffice-l10n-fr-6.3.3.2-43.59.5 libreoffice-l10n-gu-6.3.3.2-43.59.5 libreoffice-l10n-hi-6.3.3.2-43.59.5 libreoffice-l10n-hr-6.3.3.2-43.59.5 libreoffice-l10n-hu-6.3.3.2-43.59.5 libreoffice-l10n-it-6.3.3.2-43.59.5 libreoffice-l10n-ja-6.3.3.2-43.59.5 libreoffice-l10n-ko-6.3.3.2-43.59.5 libreoffice-l10n-lt-6.3.3.2-43.59.5 libreoffice-l10n-nb-6.3.3.2-43.59.5 libreoffice-l10n-nl-6.3.3.2-43.59.5 libreoffice-l10n-nn-6.3.3.2-43.59.5 libreoffice-l10n-pl-6.3.3.2-43.59.5 libreoffice-l10n-pt_BR-6.3.3.2-43.59.5 libreoffice-l10n-pt_PT-6.3.3.2-43.59.5 libreoffice-l10n-ro-6.3.3.2-43.59.5 libreoffice-l10n-ru-6.3.3.2-43.59.5 libreoffice-l10n-sk-6.3.3.2-43.59.5 libreoffice-l10n-sv-6.3.3.2-43.59.5 libreoffice-l10n-uk-6.3.3.2-43.59.5 libreoffice-l10n-xh-6.3.3.2-43.59.5 libreoffice-l10n-zh_CN-6.3.3.2-43.59.5 libreoffice-l10n-zh_TW-6.3.3.2-43.59.5 libreoffice-l10n-zu-6.3.3.2-43.59.5 myspell-af_NA-20191016-16.21.1 myspell-af_ZA-20191016-16.21.1 myspell-ar-20191016-16.21.1 myspell-ar_AE-20191016-16.21.1 myspell-ar_BH-20191016-16.21.1 myspell-ar_DZ-20191016-16.21.1 myspell-ar_EG-20191016-16.21.1 myspell-ar_IQ-20191016-16.21.1 myspell-ar_JO-20191016-16.21.1 myspell-ar_KW-20191016-16.21.1 myspell-ar_LB-20191016-16.21.1 myspell-ar_LY-20191016-16.21.1 myspell-ar_MA-20191016-16.21.1 myspell-ar_OM-20191016-16.21.1 myspell-ar_QA-20191016-16.21.1 myspell-ar_SA-20191016-16.21.1 myspell-ar_SD-20191016-16.21.1 myspell-ar_SY-20191016-16.21.1 myspell-ar_TN-20191016-16.21.1 myspell-ar_YE-20191016-16.21.1 myspell-be_BY-20191016-16.21.1 myspell-bg_BG-20191016-16.21.1 myspell-bn_BD-20191016-16.21.1 
myspell-bn_IN-20191016-16.21.1 myspell-bs-20191016-16.21.1 myspell-bs_BA-20191016-16.21.1 myspell-ca-20191016-16.21.1 myspell-ca_AD-20191016-16.21.1 myspell-ca_ES-20191016-16.21.1 myspell-ca_ES_valencia-20191016-16.21.1 myspell-ca_FR-20191016-16.21.1 myspell-ca_IT-20191016-16.21.1 myspell-cs_CZ-20191016-16.21.1 myspell-da_DK-20191016-16.21.1 myspell-de-20191016-16.21.1 myspell-de_AT-20191016-16.21.1 myspell-de_CH-20191016-16.21.1 myspell-de_DE-20191016-16.21.1 myspell-el_GR-20191016-16.21.1 myspell-en-20191016-16.21.1 myspell-en_AU-20191016-16.21.1 myspell-en_BS-20191016-16.21.1 myspell-en_BZ-20191016-16.21.1 myspell-en_CA-20191016-16.21.1 myspell-en_GB-20191016-16.21.1 myspell-en_GH-20191016-16.21.1 myspell-en_IE-20191016-16.21.1 myspell-en_IN-20191016-16.21.1 myspell-en_JM-20191016-16.21.1 myspell-en_MW-20191016-16.21.1 myspell-en_NA-20191016-16.21.1 myspell-en_NZ-20191016-16.21.1 myspell-en_PH-20191016-16.21.1 myspell-en_TT-20191016-16.21.1 myspell-en_US-20191016-16.21.1 myspell-en_ZA-20191016-16.21.1 myspell-en_ZW-20191016-16.21.1 myspell-es-20191016-16.21.1 myspell-es_AR-20191016-16.21.1 myspell-es_BO-20191016-16.21.1 myspell-es_CL-20191016-16.21.1 myspell-es_CO-20191016-16.21.1 myspell-es_CR-20191016-16.21.1 myspell-es_CU-20191016-16.21.1 myspell-es_DO-20191016-16.21.1 myspell-es_EC-20191016-16.21.1 myspell-es_ES-20191016-16.21.1 myspell-es_GT-20191016-16.21.1 myspell-es_HN-20191016-16.21.1 myspell-es_MX-20191016-16.21.1 myspell-es_NI-20191016-16.21.1 myspell-es_PA-20191016-16.21.1 myspell-es_PE-20191016-16.21.1 myspell-es_PR-20191016-16.21.1 myspell-es_PY-20191016-16.21.1 myspell-es_SV-20191016-16.21.1 myspell-es_UY-20191016-16.21.1 myspell-es_VE-20191016-16.21.1 myspell-et_EE-20191016-16.21.1 myspell-fr_BE-20191016-16.21.1 myspell-fr_CA-20191016-16.21.1 myspell-fr_CH-20191016-16.21.1 myspell-fr_FR-20191016-16.21.1 myspell-fr_LU-20191016-16.21.1 myspell-fr_MC-20191016-16.21.1 myspell-gu_IN-20191016-16.21.1 myspell-he_IL-20191016-16.21.1 
myspell-hi_IN-20191016-16.21.1 myspell-hr_HR-20191016-16.21.1 myspell-hu_HU-20191016-16.21.1 myspell-id-20191016-16.21.1 myspell-id_ID-20191016-16.21.1 myspell-it_IT-20191016-16.21.1 myspell-lo_LA-20191016-16.21.1 myspell-lt_LT-20191016-16.21.1 myspell-lv_LV-20191016-16.21.1 myspell-nb_NO-20191016-16.21.1 myspell-nl_BE-20191016-16.21.1 myspell-nl_NL-20191016-16.21.1 myspell-nn_NO-20191016-16.21.1 myspell-no-20191016-16.21.1 myspell-pl_PL-20191016-16.21.1 myspell-pt_AO-20191016-16.21.1 myspell-pt_BR-20191016-16.21.1 myspell-pt_PT-20191016-16.21.1 myspell-ro-20191016-16.21.1 myspell-ro_RO-20191016-16.21.1 myspell-ru_RU-20191016-16.21.1 myspell-sk_SK-20191016-16.21.1 myspell-sl_SI-20191016-16.21.1 myspell-sr-20191016-16.21.1 myspell-sr_CS-20191016-16.21.1 myspell-sr_Latn_CS-20191016-16.21.1 myspell-sr_Latn_RS-20191016-16.21.1 myspell-sr_RS-20191016-16.21.1 myspell-sv_FI-20191016-16.21.1 myspell-sv_SE-20191016-16.21.1 myspell-te-20191016-16.21.1 myspell-te_IN-20191016-16.21.1 myspell-th_TH-20191016-16.21.1 myspell-uk_UA-20191016-16.21.1 myspell-vi-20191016-16.21.1 myspell-vi_VN-20191016-16.21.1 myspell-zu_ZA-20191016-16.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): bluez-cups-5.13-5.20.6 bluez-cups-debuginfo-5.13-5.20.6 bluez-debuginfo-5.13-5.20.6 bluez-debugsource-5.13-5.20.6 cmis-client-debuginfo-0.5.2-9.3.1 cmis-client-debugsource-0.5.2-9.3.1 libcmis-0_5-5-0.5.2-9.3.1 libcmis-0_5-5-debuginfo-0.5.2-9.3.1 libixion-0_15-0-0.15.0-13.12.1 libixion-0_15-0-debuginfo-0.15.0-13.12.1 libixion-debugsource-0.15.0-13.12.1 libmwaw-0_3-3-0.3.15-7.15.1 libmwaw-0_3-3-debuginfo-0.3.15-7.15.1 libmwaw-debugsource-0.3.15-7.15.1 liborcus-0_15-0-0.15.3-10.15.1 liborcus-0_15-0-debuginfo-0.15.3-10.15.1 liborcus-debugsource-0.15.3-10.15.1 libreoffice-6.3.3.2-43.59.5 libreoffice-base-6.3.3.2-43.59.5 libreoffice-base-debuginfo-6.3.3.2-43.59.5 libreoffice-base-drivers-postgresql-6.3.3.2-43.59.5 libreoffice-base-drivers-postgresql-debuginfo-6.3.3.2-43.59.5 
libreoffice-calc-6.3.3.2-43.59.5 libreoffice-calc-debuginfo-6.3.3.2-43.59.5 libreoffice-calc-extensions-6.3.3.2-43.59.5 libreoffice-debuginfo-6.3.3.2-43.59.5 libreoffice-debugsource-6.3.3.2-43.59.5 libreoffice-draw-6.3.3.2-43.59.5 libreoffice-draw-debuginfo-6.3.3.2-43.59.5 libreoffice-filters-optional-6.3.3.2-43.59.5 libreoffice-gnome-6.3.3.2-43.59.5 libreoffice-gnome-debuginfo-6.3.3.2-43.59.5 libreoffice-impress-6.3.3.2-43.59.5 libreoffice-impress-debuginfo-6.3.3.2-43.59.5 libreoffice-librelogo-6.3.3.2-43.59.5 libreoffice-mailmerge-6.3.3.2-43.59.5 libreoffice-math-6.3.3.2-43.59.5 libreoffice-math-debuginfo-6.3.3.2-43.59.5 libreoffice-officebean-6.3.3.2-43.59.5 libreoffice-officebean-debuginfo-6.3.3.2-43.59.5 libreoffice-pyuno-6.3.3.2-43.59.5 libreoffice-pyuno-debuginfo-6.3.3.2-43.59.5 libreoffice-writer-6.3.3.2-43.59.5 libreoffice-writer-debuginfo-6.3.3.2-43.59.5 libreoffice-writer-extensions-6.3.3.2-43.59.5 myspell-dictionaries-20191016-16.21.1 myspell-lightproof-en-20191016-16.21.1 myspell-lightproof-hu_HU-20191016-16.21.1 myspell-lightproof-pt_BR-20191016-16.21.1 myspell-lightproof-ru_RU-20191016-16.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.20.6 bluez-debugsource-5.13-5.20.6 bluez-devel-5.13-5.20.6 cmis-client-debuginfo-0.5.2-9.3.1 cmis-client-debugsource-0.5.2-9.3.1 gperf-3.1-19.4.1 gperf-debuginfo-3.1-19.4.1 gperf-debugsource-3.1-19.4.1 libcmis-0_5-5-0.5.2-9.3.1 libcmis-0_5-5-debuginfo-0.5.2-9.3.1 libcmis-c-0_5-5-0.5.2-9.3.1 libcmis-c-0_5-5-debuginfo-0.5.2-9.3.1 libcmis-c-devel-0.5.2-9.3.1 libcmis-devel-0.5.2-9.3.1 libixion-debugsource-0.15.0-13.12.1 libixion-devel-0.15.0-13.12.1 libmwaw-debugsource-0.3.15-7.15.1 libmwaw-devel-0.3.15-7.15.1 liborcus-debugsource-0.15.3-10.15.1 liborcus-devel-0.15.3-10.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libreoffice-debuginfo-6.3.3.2-43.59.5 libreoffice-debugsource-6.3.3.2-43.59.5 libreoffice-sdk-6.3.3.2-43.59.5 
libreoffice-sdk-debuginfo-6.3.3.2-43.59.5 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libmwaw-devel-doc-0.3.15-7.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.20.6 bluez-debugsource-5.13-5.20.6 bluez-devel-5.13-5.20.6 cmis-client-debuginfo-0.5.2-9.3.1 cmis-client-debugsource-0.5.2-9.3.1 gperf-3.1-19.4.1 gperf-debuginfo-3.1-19.4.1 gperf-debugsource-3.1-19.4.1 libcmis-0_5-5-0.5.2-9.3.1 libcmis-0_5-5-debuginfo-0.5.2-9.3.1 libcmis-c-0_5-5-0.5.2-9.3.1 libcmis-c-0_5-5-debuginfo-0.5.2-9.3.1 libcmis-c-devel-0.5.2-9.3.1 libcmis-devel-0.5.2-9.3.1 libixion-debugsource-0.15.0-13.12.1 libixion-devel-0.15.0-13.12.1 libmwaw-debugsource-0.3.15-7.15.1 libmwaw-devel-0.3.15-7.15.1 liborcus-debugsource-0.15.3-10.15.1 liborcus-devel-0.15.3-10.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): libreoffice-debuginfo-6.3.3.2-43.59.5 libreoffice-debugsource-6.3.3.2-43.59.5 libreoffice-sdk-6.3.3.2-43.59.5 libreoffice-sdk-debuginfo-6.3.3.2-43.59.5 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): libmwaw-devel-doc-0.3.15-7.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.20.6 bluez-debuginfo-5.13-5.20.6 bluez-debugsource-5.13-5.20.6 libbluetooth3-5.13-5.20.6 libbluetooth3-debuginfo-5.13-5.20.6 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.20.6 bluez-debuginfo-5.13-5.20.6 bluez-debugsource-5.13-5.20.6 libbluetooth3-5.13-5.20.6 libbluetooth3-debuginfo-5.13-5.20.6 References: https://www.suse.com/security/cve/CVE-2019-9853.html https://bugzilla.suse.com/1061210 https://bugzilla.suse.com/1105173 https://bugzilla.suse.com/1144522 https://bugzilla.suse.com/1152684 From sle-updates at lists.suse.com Fri Feb 7 10:14:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:14:52 +0100 (CET) Subject: SUSE-RU-2020:0366-1: moderate: Recommended update 
for yast2-sudo Message-ID: <20200207171452.D0927F796@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0366-1 Rating: moderate References: #1156929 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-sudo fixes the following issues: - Prevent truncating the sudoers file after writing the changes. (bsc#1156929) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-366=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-sudo-4.1.1-3.3.1 References: https://bugzilla.suse.com/1156929 From sle-updates at lists.suse.com Fri Feb 7 10:15:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:15:33 +0100 (CET) Subject: SUSE-RU-2020:0367-1: moderate: Recommended update for tpm2.0-abrmd Message-ID: <20200207171533.EF885F796@maintenance.suse.de> SUSE Recommended Update: Recommended update for tpm2.0-abrmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0367-1 Rating: moderate References: #1159176 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for tpm2.0-abrmd fixes the following issues: - Fix tcti loading using for both shorthand and full version specification (bsc#1159176). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-367=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libtss2-tcti-tabrmd0-2.0.2-8.3.1 libtss2-tcti-tabrmd0-debuginfo-2.0.2-8.3.1 tpm2.0-abrmd-2.0.2-8.3.1 tpm2.0-abrmd-debuginfo-2.0.2-8.3.1 tpm2.0-abrmd-debugsource-2.0.2-8.3.1 tpm2.0-abrmd-devel-2.0.2-8.3.1 References: https://bugzilla.suse.com/1159176 From sle-updates at lists.suse.com Fri Feb 7 10:16:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:16:15 +0100 (CET) Subject: SUSE-SU-2020:0370-1: important: Security update for wicked Message-ID: <20200207171615.44171F796@maintenance.suse.de> SUSE Security Update: Security update for wicked ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0370-1 Rating: important References: #1160904 #1160906 Cross-References: CVE-2019-18903 CVE-2020-7217 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wicked fixes the following issues: - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). 
- CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-370=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-370=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-370=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-370=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-370=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): wicked-0.6.60-3.24.1 wicked-debuginfo-0.6.60-3.24.1 wicked-debugsource-0.6.60-3.24.1 wicked-service-0.6.60-3.24.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): wicked-0.6.60-3.24.1 wicked-debuginfo-0.6.60-3.24.1 wicked-debugsource-0.6.60-3.24.1 wicked-service-0.6.60-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): wicked-0.6.60-3.24.1 wicked-debuginfo-0.6.60-3.24.1 wicked-debugsource-0.6.60-3.24.1 wicked-service-0.6.60-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): wicked-0.6.60-3.24.1 wicked-debuginfo-0.6.60-3.24.1 wicked-debugsource-0.6.60-3.24.1 wicked-service-0.6.60-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): wicked-0.6.60-3.24.1 wicked-debuginfo-0.6.60-3.24.1 wicked-debugsource-0.6.60-3.24.1 wicked-service-0.6.60-3.24.1 References: https://www.suse.com/security/cve/CVE-2019-18903.html https://www.suse.com/security/cve/CVE-2020-7217.html https://bugzilla.suse.com/1160904 https://bugzilla.suse.com/1160906 From sle-updates at 
lists.suse.com Fri Feb 7 10:17:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Feb 2020 18:17:37 +0100 (CET) Subject: SUSE-RU-2020:0368-1: moderate: Recommended update for lvm2 Message-ID: <20200207171737.6D4F2F796@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0368-1 Rating: moderate References: #1150021 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - Fix for LVM in KVM: The scsi persistent reservation scenario can trigger an error during LVM actions. (bsc#1150021) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-368=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-368=1
   - SUSE Linux Enterprise High Availability 15-SP1:
      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-368=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
      lvm2-debuginfo-2.02.180-12.12.1
      lvm2-debugsource-2.02.180-12.12.1
      lvm2-testsuite-2.02.180-12.12.1
      lvm2-testsuite-debuginfo-2.02.180-12.12.1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
      device-mapper-debugsource-1.02.149-12.12.1
      device-mapper-devel-32bit-1.02.149-12.12.1
      libdevmapper-event1_03-32bit-1.02.149-12.12.1
      libdevmapper-event1_03-32bit-debuginfo-1.02.149-12.12.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
      device-mapper-1.02.149-12.12.1
      device-mapper-debuginfo-1.02.149-12.12.1
      device-mapper-debugsource-1.02.149-12.12.1
      device-mapper-devel-1.02.149-12.12.1
      libdevmapper-event1_03-1.02.149-12.12.1
      libdevmapper-event1_03-debuginfo-1.02.149-12.12.1
      libdevmapper1_03-1.02.149-12.12.1
      libdevmapper1_03-debuginfo-1.02.149-12.12.1
      liblvm2app2_2-2.02.180-12.12.1
      liblvm2app2_2-debuginfo-2.02.180-12.12.1
      liblvm2cmd2_02-2.02.180-12.12.1
      liblvm2cmd2_02-debuginfo-2.02.180-12.12.1
      lvm2-2.02.180-12.12.1
      lvm2-debuginfo-2.02.180-12.12.1
      lvm2-debugsource-2.02.180-12.12.1
      lvm2-devel-2.02.180-12.12.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
      libdevmapper1_03-32bit-1.02.149-12.12.1
      libdevmapper1_03-32bit-debuginfo-1.02.149-12.12.1
   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
      lvm2-clvm-2.02.180-12.12.1
      lvm2-clvm-debuginfo-2.02.180-12.12.1
      lvm2-clvm-debugsource-2.02.180-12.12.1
      lvm2-cmirrord-2.02.180-12.12.1
      lvm2-cmirrord-debuginfo-2.02.180-12.12.1
      lvm2-lockd-2.02.180-12.12.1
      lvm2-lockd-debuginfo-2.02.180-12.12.1

References:

   https://bugzilla.suse.com/1150021

From sle-updates at lists.suse.com Fri Feb 7 10:18:22 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 18:18:22 +0100 (CET)
Subject: SUSE-RU-2020:0364-1: moderate: Recommended update for supportutils-plugin-ses
Message-ID: <20200207171822.5BC57F796@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for supportutils-plugin-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0364-1
Rating: moderate
References: #1162549
Affected Products:
   SUSE Enterprise Storage 5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for supportutils-plugin-ses fixes the following issues:

   - Including output of 'ceph balancer status' (bsc#1162549)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2020-364=1

Package List:

   - SUSE Enterprise Storage 5 (noarch):
      supportutils-plugin-ses-5.0+git.1580912243.f8a0e71-3.15.1

References:

   https://bugzilla.suse.com/1162549

From sle-updates at lists.suse.com Fri Feb 7 11:25:47 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 19:25:47 +0100 (CET)
Subject: SUSE-CU-2020:51-1: Security update of suse/sles12sp5
Message-ID: <20200207182547.B872BFC56@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:51-1
Container Tags : suse/sles12sp5:5.2.285 , suse/sles12sp5:latest
Container Release : 5.2.285
Severity : moderate
Type : security
References : 1160571 CVE-2019-5188
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:360-1
Released: Fri Feb 7 10:44:17 2020
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

From sle-updates at lists.suse.com Fri Feb 7 11:32:02 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 19:32:02 +0100 (CET)
Subject: SUSE-CU-2020:52-1: Security update of suse/sles12sp4
Message-ID: <20200207183202.56D55F79E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:52-1
Container Tags : suse/sles12sp4:26.133 , suse/sles12sp4:latest
Container Release : 26.133
Severity : moderate
Type : security
References : 1160571 CVE-2019-5188
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:360-1
Released: Fri Feb 7 10:44:17 2020
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

From sle-updates at lists.suse.com Fri Feb 7 13:10:57 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 21:10:57 +0100 (CET)
Subject: SUSE-SU-2020:0375-1: moderate: Security update for docker-runc
Message-ID: <20200207201057.542A9F798@maintenance.suse.de>

   SUSE Security Update: Security update for docker-runc
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0375-1
Rating: moderate
References: #1160452
Cross-References: CVE-2019-19921
Affected Products:
   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
   SUSE Linux Enterprise Module for Containers 15-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for docker-runc fixes the following issues:

   - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-375=1
   - SUSE Linux Enterprise Module for Containers 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-375=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
      docker-runc-kubic-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
      docker-runc-kubic-debuginfo-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
   - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64):
      docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
      docker-runc-debuginfo-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1

References:

   https://www.suse.com/security/cve/CVE-2019-19921.html
   https://bugzilla.suse.com/1160452

From sle-updates at lists.suse.com Fri Feb 7 13:11:35 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Feb 2020 21:11:35 +0100 (CET)
Subject: SUSE-SU-2020:0376-1: moderate: Security update for docker-runc
Message-ID: <20200207201135.1E879F798@maintenance.suse.de>

   SUSE Security Update: Security update for docker-runc
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0376-1
Rating: moderate
References: #1160452
Cross-References: CVE-2019-19921
Affected Products:
   SUSE Linux Enterprise Module for Containers 12
   SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for docker-runc fixes the following issues:

   - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2020-376=1
   - SUSE CaaS Platform 3.0:
      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
      docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-1.40.1
   - SUSE CaaS Platform 3.0 (x86_64):
      docker-runc-kubic-1.0.0rc8+gitr3917_3e425f80a8c9-1.40.1
      docker-runc-kubic-debuginfo-1.0.0rc8+gitr3917_3e425f80a8c9-1.40.1

References:

   https://www.suse.com/security/cve/CVE-2019-19921.html
   https://bugzilla.suse.com/1160452

From sle-updates at lists.suse.com Fri Feb 7 16:11:03 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 8 Feb 2020 00:11:03 +0100 (CET)
Subject: SUSE-RU-2020:0377-1: moderate: Recommended update for release-notes-sles
Message-ID: <20200207231103.0308EF798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0377-1
Rating: moderate
References: #1161101 #1161102
Affected Products:
   SUSE Linux Enterprise Server Installer 12-SP5
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for release-notes-sles fixes the following issues:

   - Fixes the bugreporting link (bsc#1161101)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server Installer 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2020-377=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-377=1

Package List:

   - SUSE Linux Enterprise Server Installer 12-SP5 (noarch):
      release-notes-sles-12.5.20200117-3.8.1
   - SUSE Linux Enterprise Server 12-SP5 (noarch):
      release-notes-sles-12.5.20200117-3.8.1

References:

   https://bugzilla.suse.com/1161101
   https://bugzilla.suse.com/1161102

From sle-updates at lists.suse.com Mon Feb 10 10:11:44 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Feb 2020 18:11:44 +0100 (CET)
Subject: SUSE-RU-2020:0378-1: moderate: Recommended update for btrfsmaintenance
Message-ID: <20200210171144.019B8F798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for btrfsmaintenance
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0378-1
Rating: moderate
References: #1075976 #1088010 #1155924 #1159891
Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for btrfsmaintenance fixes the following issues:

   - Fix for relative path of 'common.sh' for btrfs cron jobs. (bsc#1159891).
   - Fix for issue caused by fstrim making the system non-responsive. (bsc#1075976)
   - Implementation for several fixes to avoid issues on portable devices. (bsc#1155924, jsc#SLE-10907, jsc#SLE-10908)
   - Fix for system high load caused by immediate btrfs jobs by system recovery from a multi-day suspend. (bsc#1088010, jsc#SLE-10907, jsc#SLE-10908)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-378=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):
      btrfsmaintenance-0.2-16.5.1

References:

   https://bugzilla.suse.com/1075976
   https://bugzilla.suse.com/1088010
   https://bugzilla.suse.com/1155924
   https://bugzilla.suse.com/1159891

From sle-updates at lists.suse.com Mon Feb 10 10:13:25 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Feb 2020 18:13:25 +0100 (CET)
Subject: SUSE-RU-2020:0379-1: moderate: Recommended update for perl-TimeDate
Message-ID: <20200210171325.08CA0F79E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for perl-TimeDate
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0379-1
Rating: moderate
References: #1159990 #1162433
Affected Products:
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for perl-TimeDate fixes the following issues:

   - Fix for issues parsing date strings into time values correctly. (bsc#1162433)
   - Fix a getdate function returning the current year wrongly. (bsc#1159990)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-379=1
   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-379=1
   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-379=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):
      perl-TimeDate-1.20-26.5.1
   - SUSE Linux Enterprise Server 12-SP4 (noarch):
      perl-TimeDate-1.20-26.5.1
   - SUSE Linux Enterprise Desktop 12-SP4 (noarch):
      perl-TimeDate-1.20-26.5.1

References:

   https://bugzilla.suse.com/1159990
   https://bugzilla.suse.com/1162433

From sle-updates at lists.suse.com Wed Feb 12 07:11:39 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Feb 2020 15:11:39 +0100 (CET)
Subject: SUSE-RU-2020:0381-1: moderate: Recommended update for supportutils-plugin-ses
Message-ID: <20200212141139.62D18F796@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for supportutils-plugin-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0381-1
Rating: moderate
References: #1162549
Affected Products:
   SUSE Enterprise Storage 6
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for supportutils-plugin-ses fixes the following issues:

   - Including output of 'ceph mgr dump', 'ceph config dump', and 'ceph balancer status' (bsc#1162549)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2020-381=1

Package List:

   - SUSE Enterprise Storage 6 (noarch):
      supportutils-plugin-ses-6.0+git.1580912351.1278ebb-3.9.1

References:

   https://bugzilla.suse.com/1162549

From sle-updates at lists.suse.com Fri Feb 14 07:11:17 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Feb 2020 15:11:17 +0100 (CET)
Subject: SUSE-RU-2020:0382-1: important: Recommended update for lvm2
Message-ID: <20200214141117.0778CF798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lvm2
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0382-1
Rating: important
References: #1163526
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise High Availability 12-SP5
   SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for lvm2 fixes the following issues:

   - Revert MD devices detection patches which caused a regression, where some volume groups couldn't be activated (bsc#1163526)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-382=1
   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-382=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-382=1
   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-382=1
   - SUSE Linux Enterprise High Availability 12-SP5:
      zypper in -t patch SUSE-SLE-HA-12-SP5-2020-382=1
   - SUSE Linux Enterprise High Availability 12-SP4:
      zypper in -t patch SUSE-SLE-HA-12-SP4-2020-382=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      device-mapper-devel-1.02.149-9.29.1
      lvm2-debuginfo-2.02.180-9.29.1
      lvm2-debugsource-2.02.180-9.29.1
      lvm2-devel-2.02.180-9.29.1
   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      device-mapper-devel-1.02.149-9.29.1
      lvm2-debuginfo-2.02.180-9.29.1
      lvm2-debugsource-2.02.180-9.29.1
      lvm2-devel-2.02.180-9.29.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      device-mapper-1.02.149-9.29.1
      device-mapper-debuginfo-1.02.149-9.29.1
      lvm2-2.02.180-9.29.1
      lvm2-debuginfo-2.02.180-9.29.1
      lvm2-debugsource-2.02.180-9.29.1
   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      device-mapper-32bit-1.02.149-9.29.1
      device-mapper-debuginfo-32bit-1.02.149-9.29.1
   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      device-mapper-1.02.149-9.29.1
      device-mapper-debuginfo-1.02.149-9.29.1
      lvm2-2.02.180-9.29.1
      lvm2-debuginfo-2.02.180-9.29.1
      lvm2-debugsource-2.02.180-9.29.1
   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
      device-mapper-32bit-1.02.149-9.29.1
      device-mapper-debuginfo-32bit-1.02.149-9.29.1
   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
      lvm2-clvm-2.02.180-9.29.1
      lvm2-clvm-debuginfo-2.02.180-9.29.1
      lvm2-cmirrord-2.02.180-9.29.1
      lvm2-cmirrord-debuginfo-2.02.180-9.29.1
      lvm2-debuginfo-2.02.180-9.29.1
      lvm2-debugsource-2.02.180-9.29.1
   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
      lvm2-clvm-2.02.180-9.29.1
      lvm2-clvm-debuginfo-2.02.180-9.29.1
      lvm2-cmirrord-2.02.180-9.29.1
      lvm2-cmirrord-debuginfo-2.02.180-9.29.1
      lvm2-debuginfo-2.02.180-9.29.1
      lvm2-debugsource-2.02.180-9.29.1

References:

   https://bugzilla.suse.com/1163526

From sle-updates at lists.suse.com Mon Feb 17 04:11:51 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Feb 2020 12:11:51 +0100 (CET)
Subject: SUSE-SU-2020:0385-1: important: Security update for MozillaThunderbird
Message-ID: <20200217111151.41352F798@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0385-1
Rating: important
References: #1162777 #1163368
Cross-References: CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800
Affected Products:
   SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for MozillaThunderbird fixes the following issues:

   - Mozilla Thunderbird 68.5 (bsc#1162777) MFSA 2020-07 (bsc#1163368)
     * CVE-2020-6793 (bmo#1608539) Out-of-bounds read when processing certain email messages
     * CVE-2020-6794 (bmo#1606619) Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
     * CVE-2020-6795 (bmo#1611105) Crash processing S/MIME messages with multiple signatures
     * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
     * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection
     * CVE-2020-6792 (bmo#1609607) Message ID calculation was based on uninitialized data
     * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Thunderbird 68.5
     * new: Support for Client Identity IMAP/SMTP Service Extension (bmo#1532388)
     * new: Support for OAuth 2.0 authentication for POP3 accounts (bmo#1538409)
     * fixed: Status area goes blank during account setup (bmo#1593122)
     * fixed: Calendar: Could not remove color for default categories (bmo#1584853)
     * fixed: Calendar: Prevent calendar component loading multiple times (bmo#1606375)
     * fixed: Calendar: Today pane did not retain width between sessions (bmo#1610207)
     * unresolved: When upgrading from Thunderbird version 60 to version 68, add-ons are not automatically updated during the upgrade process. They will however be updated during the add-on update check. It is of course possible to reinstall compatible add-ons via the Add-ons Manager or via addons.thunderbird.net. (bmo#1574183)
     * changed: Calendar: Task and Event tree colours adjusted for the dark theme (bmo#1608344)
     * fixed: Retrieval of S/MIME certificates from LDAP failed (bmo#1604773)
     * fixed: Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set (bmo#1609690)
     * fixed: Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout (bmo#1222046)
     * fixed: Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened (bmo#1608407)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP1:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-385=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
      MozillaThunderbird-68.5.0-3.71.1
      MozillaThunderbird-debuginfo-68.5.0-3.71.1
      MozillaThunderbird-debugsource-68.5.0-3.71.1
      MozillaThunderbird-translations-common-68.5.0-3.71.1
      MozillaThunderbird-translations-other-68.5.0-3.71.1

References:

   https://www.suse.com/security/cve/CVE-2020-6792.html
   https://www.suse.com/security/cve/CVE-2020-6793.html
   https://www.suse.com/security/cve/CVE-2020-6794.html
   https://www.suse.com/security/cve/CVE-2020-6795.html
   https://www.suse.com/security/cve/CVE-2020-6797.html
   https://www.suse.com/security/cve/CVE-2020-6798.html
   https://www.suse.com/security/cve/CVE-2020-6800.html
   https://bugzilla.suse.com/1162777
   https://bugzilla.suse.com/1163368

From sle-updates at lists.suse.com Mon Feb 17 04:12:45 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Feb 2020 12:12:45 +0100 (CET)
Subject: SUSE-SU-2020:0383-1: important: Security update for MozillaFirefox
Message-ID: <20200217111245.221E1F798@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0383-1
Rating: important
References: #1163368
Cross-References: CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800
Affected Products:
   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
   SUSE Linux Enterprise Module for Desktop Applications 15-SP1
   SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox Extended Support Release 68.5.0 ESR
     * Fixed: Various stability and security fixes
   - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368)
     * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process
     * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
     * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection
     * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
     * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-383=1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-383=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-383=1
   - SUSE Linux Enterprise Module for Desktop Applications 15:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-383=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-branding-upstream-68.5.0-3.72.1
      MozillaFirefox-debuginfo-68.5.0-3.72.1
      MozillaFirefox-debugsource-68.5.0-3.72.1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
      MozillaFirefox-buildsymbols-68.5.0-3.72.1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
      MozillaFirefox-devel-68.5.0-3.72.1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-branding-upstream-68.5.0-3.72.1
      MozillaFirefox-debuginfo-68.5.0-3.72.1
      MozillaFirefox-debugsource-68.5.0-3.72.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-68.5.0-3.72.1
      MozillaFirefox-debuginfo-68.5.0-3.72.1
      MozillaFirefox-debugsource-68.5.0-3.72.1
      MozillaFirefox-translations-common-68.5.0-3.72.1
      MozillaFirefox-translations-other-68.5.0-3.72.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64):
      MozillaFirefox-devel-68.5.0-3.72.1
   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-68.5.0-3.72.1
      MozillaFirefox-debuginfo-68.5.0-3.72.1
      MozillaFirefox-debugsource-68.5.0-3.72.1
      MozillaFirefox-devel-68.5.0-3.72.1
      MozillaFirefox-translations-common-68.5.0-3.72.1
      MozillaFirefox-translations-other-68.5.0-3.72.1

References:

   https://www.suse.com/security/cve/CVE-2020-6796.html
   https://www.suse.com/security/cve/CVE-2020-6797.html
   https://www.suse.com/security/cve/CVE-2020-6798.html
   https://www.suse.com/security/cve/CVE-2020-6799.html
   https://www.suse.com/security/cve/CVE-2020-6800.html
   https://bugzilla.suse.com/1163368

From sle-updates at lists.suse.com Mon Feb 17 04:13:34 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Feb 2020 12:13:34 +0100 (CET)
Subject: SUSE-SU-2020:0384-1: important: Security update for MozillaFirefox
Message-ID: <20200217111334.C7554F798@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0384-1
Rating: important
References: #1161799
Cross-References: CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800
Affected Products:
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 8
   SUSE OpenStack Cloud 7
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server for SAP 12-SP2
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-LTSS
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Linux Enterprise Desktop 12-SP4
   SUSE Enterprise Storage 5
   HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox Extended Support Release 68.5.0 ESR
     * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process
     * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
     * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection
     * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
     * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
     * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-384=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-384=1
   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2020-384=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-384=1
   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-384=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-384=1
   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-384=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-384=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-384=1
   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-384=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-384=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-384=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-384=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-384=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-384=1
   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-384=1
   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2020-384=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2020-384=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      MozillaFirefox-68.5.0-109.106.1
      MozillaFirefox-debuginfo-68.5.0-109.106.1
      MozillaFirefox-debugsource-68.5.0-109.106.1
      MozillaFirefox-translations-common-68.5.0-109.106.1
   - SUSE OpenStack Cloud 8 (x86_64):
      MozillaFirefox-68.5.0-109.106.1
      MozillaFirefox-debuginfo-68.5.0-109.106.1
      MozillaFirefox-debugsource-68.5.0-109.106.1
      MozillaFirefox-translations-common-68.5.0-109.106.1
   - SUSE OpenStack Cloud 7 (s390x x86_64):
      MozillaFirefox-68.5.0-109.106.1
      MozillaFirefox-debuginfo-68.5.0-109.106.1
      MozillaFirefox-debugsource-68.5.0-109.106.1
      MozillaFirefox-devel-68.5.0-109.106.1
      MozillaFirefox-translations-common-68.5.0-109.106.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-68.5.0-109.106.1
      MozillaFirefox-debugsource-68.5.0-109.106.1
      MozillaFirefox-devel-68.5.0-109.106.1
   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-68.5.0-109.106.1
      MozillaFirefox-debugsource-68.5.0-109.106.1
      MozillaFirefox-devel-68.5.0-109.106.1
   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      MozillaFirefox-68.5.0-109.106.1
MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-devel-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-devel-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-devel-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-68.5.0-109.106.1 
MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-devel-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-devel-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-68.5.0-109.106.1 MozillaFirefox-debuginfo-68.5.0-109.106.1 MozillaFirefox-debugsource-68.5.0-109.106.1 MozillaFirefox-translations-common-68.5.0-109.106.1 References: https://www.suse.com/security/cve/CVE-2020-6796.html https://www.suse.com/security/cve/CVE-2020-6797.html https://www.suse.com/security/cve/CVE-2020-6798.html https://www.suse.com/security/cve/CVE-2020-6799.html https://www.suse.com/security/cve/CVE-2020-6800.html https://bugzilla.suse.com/1161799 From sle-updates at lists.suse.com Mon Feb 17 04:25:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Feb 2020 12:25:44 +0100 (CET) Subject: SUSE-CU-2020:53-1: Security update of caasp/v4/kube-state-metrics Message-ID: <20200217112544.E901AF79E@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/kube-state-metrics ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:53-1 Container Tags : caasp/v4/kube-state-metrics:1.9.3 , caasp/v4/kube-state-metrics:1.9.3-rev1 , 
caasp/v4/kube-state-metrics:1.9.3-rev1-build1.10.1 Container Release : 1.10.1 Severity : important Type : security References : 1007715 1013125 1084671 1084934 1092920 1093414 1106383 1114592 1123919 1133495 1135254 1137337 1141897 1142649 1142654 1148517 1148987 1149145 1149332 1150734 1151377 1151582 1152335 1152755 1154256 1154295 1154871 1154884 1154887 1155199 1155207 1155323 1155338 1155339 1155346 1155574 1155593 1155810 1156213 1156482 1157198 1157278 1157292 1157775 1157794 1157802 1157893 1158095 1158095 1158101 1158485 1158809 1158830 1158921 1158996 1159074 1159452 1159814 1160443 1160571 1160600 1160970 1161056 1161179 1161436 1161975 1162108 CVE-2019-12290 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1551 CVE-2019-15847 CVE-2019-18224 CVE-2019-19126 CVE-2019-20386 CVE-2019-3688 CVE-2019-3690 CVE-2019-5188 CVE-2020-1712 SLE-6533 SLE-6536 SLE-8789 ----------------------------------------------------------------- The container caasp/v4/kube-state-metrics was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2903-1 Released: Wed Nov 6 11:57:13 2019 Summary: Recommended update for configmap-reload Type: recommended Severity: low References: Description: Codestream only release for the containers to build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3070-1 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Type: recommended Severity: low References: 1152755 Description: This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. 
(bsc#1152755)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3087-1
Released: Thu Nov 28 10:03:00 2019
Summary: Security update for libxml2
Type: security
Severity: low
References: 1123919
Description:
This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect all CVEs that have been fixed over the past.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3118-1
Released: Fri Nov 29 14:41:35 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1154295
Description:
This update for e2fsprogs fixes the following issues:
- Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3166-1
Released: Wed Dec 4 11:24:42 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1007715,1084934,1157278
Description:
This update for aaa_base fixes the following issues:
- Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
- Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
- Clear broken ghost entry in patch which breaks 'readline'.
(bsc#1157278)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3181-1
Released: Thu Dec 5 11:43:07 2019
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
Description:
This update for permissions fixes the following issues:
- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734).
- Fixed a regression which caused a segmentation fault (bsc#1157198).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3240-1
Released: Tue Dec 10 10:40:19 2019
Summary: Recommended update for ca-certificates-mozilla, p11-kit
Type: recommended
Severity: moderate
References: 1154871
Description:
This update for ca-certificates-mozilla, p11-kit fixes the following issues:

Changes in ca-certificates-mozilla:
- export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871).

Changes in p11-kit:
- support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3267-1
Released: Wed Dec 11 11:19:53 2019
Summary: Security update for libssh
Type: security
Severity: important
References: 1158095,CVE-2019-14889
Description:
This update for libssh fixes the following issues:
- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:69-1 Released: Fri Jan 10 12:33:59 2020 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:262-1 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:265-1
Released: Thu Jan 30 14:05:34 2020
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1160571,CVE-2019-5188
Description:
This update for e2fsprogs fixes the following issues:
- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:279-1
Released: Fri Jan 31 12:01:39 2020
Summary: Recommended update for p11-kit
Type: recommended
Severity: moderate
References: 1013125
Description:
This update for p11-kit fixes the following issues:
- Also build documentation (bsc#1013125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:335-1
Released: Thu Feb 6 11:37:24 2020
Summary: Security update for systemd
Type: security
Severity: important
References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712
Description:
This update for systemd fixes the following issues:
- CVE-2020-1712 (bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)
- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
- bus_open leak sd_event_source when udevadm trigger???
(bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot 
option to not use swap at system start (jsc#SLE-7689)
- Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:339-1
Released: Thu Feb 6 13:03:22 2020
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1158921
Description:
This update for openldap2 provides the following fix:
- Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:386-1
Released: Mon Feb 17 11:41:23 2020
Summary: Skuba bug fix, supportconfig update, cri-o and kubernetes fixes, and prometheus fixes
Type: recommended
Severity: important
References: 1137337,1152335,1155323,1155593,1155810,1157802,1159074,1159452,1160443,1160600,1161056,1161179,1161975
Description:

Required Actions

Update skuba, kubernetes-client and kubernetes-kubeadm packages on your management workstation as you would do with any other package. Refer to: https://documentation.suse.com/sles/15-SP1/single-html/SLES-admin/#sec-zypper-softup-update

Packages on your cluster nodes (cri-o, kubernetes, supportutils-plugin-suse-caasp) will be updated automatically by skuba-update: https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_base_os_updates

Use `helm upgrade` command to fix prometheus kube-state-metrics image.

Finally, to apply the prometheus pushgateway fix, enable it in your helm chart https://github.com/SUSE/kubernetes-charts-suse-com/blob/master/stable/prometheus/values.yaml#L848 and use the helm upgrade command: https://helm.sh/docs/intro/using_helm/#helm-upgrade-and-helm-rollback-upgrading-a-release-and-recovering-on-failure.
From sle-updates at lists.suse.com Mon Feb 17 04:26:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Feb 2020 12:26:04 +0100 (CET) Subject: SUSE-CU-2020:54-1: Security update of caasp/v4/prometheus-pushgateway Message-ID: <20200217112604.C5774F79E@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/prometheus-pushgateway ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:54-1 Container Tags : caasp/v4/prometheus-pushgateway:0.6.0 , caasp/v4/prometheus-pushgateway:0.6.0-rev1 , caasp/v4/prometheus-pushgateway:0.6.0-rev1-build1.7.1 Container Release : 1.7.1 Severity : important Type : security References : 1005023 1007715 1009532 1013125 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1036463 1038194 1039099 1044840 1045723 1047002 1049825 1051143 1063675 1065270 1071321 1072183 1073313 1076696 1080919 1081947 1081947 1082293 1082318 1082318 1082956 1083158 1084671 1084812 1084842 1084934 1085196 1086367 1086367 1087550 1088052 1088279 1088524 1089640 1089761 1090944 1091265 1091677 1092100 1092877 1092920 1093414 1093753 1093753 1093851 1094150 1094154 1094161 1094222 1094735 1095096 1095148 1095661 1095670 1095973 1096191 1096718 1096745 1096974 1096984 1097073 1097158 1097370 1098569 1099793 1100396 1100415 1100488 1100779 1101040 1101470 1101470 1101591 1102046 1102310 1102526 1102564 1102908 1103320 1103320 1104531 1104780 1105031 1105166 1105435 1105437 1105459 1105460 1106019 1106214 1106383 1106390 1107066 1107067 1107617 1107640 1107941 1109197 1109252 1110304 1110445 1110700 1110797 1111019 1111342 1111345 1111345 1111388 1111498 1111973 1112024 1112570 1112723 1112726 1112758 1112928 1113083 1113100 1113632 1113660 1113665 1114135 1114407 1114592 1114674 1114675 1114681 1114686 1114845 1114933 1114984 1114993 1115640 1115929 1116995 1117025 1117063 1117354 1117993 1118086 1118087 1118087 1118364 1118629 1119414 1119687 1119937 1119971 1120279 
1120323 1120346 1120472 1120629 1120630 1120631 1120689 1121051 1121197 1121446 1121563 1121563 1121753 1122000 1122361 1122417 1122666 1122729 1123043 1123333 1123371 1123377 1123378 1123685 1123710 1123727 1123820 1123892 1123919 1124122 1124153 1124223 1124847 1125007 1125352 1125352 1125410 1125439 1125604 1125886 1126056 1126096 1126117 1126118 1126119 1126327 1126377 1126590 1127073 1127155 1127223 1127308 1127557 1127608 1127701 1128246 1128383 1128598 1128828 1129576 1129598 1129753 1130045 1130230 1130306 1130325 1130326 1130681 1130682 1131060 1131113 1131330 1131686 1131823 1132348 1132400 1132721 1133495 1133506 1133509 1133773 1133808 1134193 1134217 1134226 1134524 1134856 1135123 1135170 1135254 1135534 1135708 1135709 1135749 1135751 1135984 1136717 1137053 1137296 1137337 1137624 1137832 1137977 1138869 1138939 1139083 1139083 1139459 1139795 1139937 1140039 1140631 1140647 1141059 1141093 1141113 1141883 1141897 1142614 1142649 1142654 1143055 1143194 1143273 1144047 1144169 1145023 1145231 1145521 1145554 1145716 1146027 1146415 1146415 1146866 1146947 1148517 1148987 1149145 1149332 1149429 1149495 1149496 1149511 1150003 1150021 1150137 1150250 1150595 1150734 1151023 1151377 1151582 1152101 1152335 1152755 1153351 1153557 1153936 1154019 1154036 1154037 1154256 1154295 1154871 1154884 1154887 1155199 1155207 1155323 1155338 1155339 1155346 1155574 1155593 1155668 1155810 1156213 1156482 1157198 1157278 1157292 1157775 1157794 1157802 1157893 1158095 1158095 1158101 1158485 1158809 1158830 1158921 1158996 1159074 1159452 1159814 1160443 1160571 1160600 1160970 1161056 1161179 1161436 1161975 1162108 353876 859480 915402 918346 943457 953659 960273 985657 991901 CVE-2009-5155 CVE-2015-0247 CVE-2015-1572 CVE-2016-10739 CVE-2016-3189 CVE-2017-10790 CVE-2017-17740 CVE-2017-18269 CVE-2017-7500 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-0500 CVE-2018-0732 CVE-2018-1000654 
CVE-2018-1000858 CVE-2018-10360 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2018-1122 CVE-2018-1123 CVE-2018-11236 CVE-2018-11237 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-12015 CVE-2018-12020 CVE-2018-14404 CVE-2018-14567 CVE-2018-14618 CVE-2018-15686 CVE-2018-15688 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-16868 CVE-2018-16868 CVE-2018-16869 CVE-2018-16890 CVE-2018-17953 CVE-2018-18310 CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18520 CVE-2018-18521 CVE-2018-19211 CVE-2018-20346 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-20843 CVE-2018-6954 CVE-2018-9251 CVE-2019-12290 CVE-2019-12749 CVE-2019-12900 CVE-2019-12900 CVE-2019-12904 CVE-2019-13050 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1547 CVE-2019-1551 CVE-2019-1563 CVE-2019-15847 CVE-2019-15903 CVE-2019-16168 CVE-2019-17543 CVE-2019-17594 CVE-2019-17595 CVE-2019-18224 CVE-2019-19126 CVE-2019-20386 CVE-2019-3688 CVE-2019-3690 CVE-2019-3822 CVE-2019-3823 CVE-2019-3829 CVE-2019-3836 CVE-2019-3842 CVE-2019-3843 CVE-2019-3844 CVE-2019-3880 CVE-2019-5021 CVE-2019-5094 CVE-2019-5188 CVE-2019-5436 CVE-2019-5481 CVE-2019-5482 CVE-2019-6454 CVE-2019-6454 CVE-2019-6706 CVE-2019-7150 CVE-2019-7665 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2019-9169 CVE-2019-9893 CVE-2019-9936 CVE-2019-9937 CVE-2020-1712 SLE-3853 SLE-4117 SLE-5807 SLE-5933 SLE-6533 SLE-6536 SLE-7687 SLE-8789 SLE-9132 SLE-9171 ----------------------------------------------------------------- The container caasp/v4/prometheus-pushgateway was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1223-1 Released: Tue Jun 26 11:41:00 2018 Summary: Security update for gpg2 Type: security Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1264-1 Released: Tue Jul 3 10:56:12 2018 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1086367 Description: This update for curl provides the following fix: - Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. 
(bsc#1086367)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1327-1
Released: Tue Jul 17 08:07:24 2018
Summary: Security update for perl
Type: security
Severity: moderate
References: 1096718,CVE-2018-12015
Description:
This update for perl fixes the following issues:
- CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1346-1
Released: Thu Jul 19 09:25:08 2018
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237
Description:
This update for glibc fixes the following security issues:
- CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150).
- CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161).
- CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1353-1 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1362-1 Released: Thu Jul 19 12:47:33 2018 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1100415 Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. 
(bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1396-1 Released: Thu Jul 26 16:23:09 2018 Summary: Security update for rpm Type: security Severity: moderate References: 1094735,1095148,943457,CVE-2017-7500 Description: This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1409-1 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. 
(bsc#1091265)
- fileio: Support writing atomic files with timestamp.
- fileio.c: Fix incorrect mtime
- Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569)
- An update broke booting with encrypted partitions on NVMe (bsc#1095096)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1685-1
Released: Fri Aug 17 18:20:58 2018
Summary: Security update for curl
Type: security
Severity: moderate
References: 1099793,CVE-2018-0500
Description:
This update for curl fixes the following issues:

Security issue fixed:

- CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1754-1
Released: Fri Aug 24 16:40:21 2018
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1104780
Description:
This update for ca-certificates-mozilla fixes the following issues:

Updated to the 2.26 state of the Mozilla NSS Certificate store.
(bsc#1104780)

- removed server auth rights from following CAs:
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
- removed CA
  - ComSign CA
- new CA added:
  - GlobalSign

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1760-1
Released: Fri Aug 24 17:14:53 2018
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1072183
Description:
This update for libtirpc fixes the following issues:

- rpcinfo: send RPC getport call as specified via parameter (bsc#1072183)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1904-1
Released: Fri Sep 14 12:46:39 2018
Summary: Security update for curl
Type: security
Severity: moderate
References: 1086367,1106019,CVE-2018-14618
Description:
This update for curl fixes the following issues:

This security issue was fixed:

- CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019)

This non-security issue was fixed:

- Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1999-1
Released: Tue Sep 25 08:20:35 2018
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1071321
Description:
This update for zlib provides the following fixes:

- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2055-1
Released: Thu Sep 27 14:30:14 2018
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1089640
Description:
This update for openldap2 provides the following fix:

- Fix slapd segfaults in mdb_env_reader_dest.
(bsc#1089640)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2070-1
Released: Fri Sep 28 08:02:02 2018
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Description:
This update for gnutls fixes the following security issues:

- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2083-1
Released: Sun Sep 30 14:06:33 2018
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1097158,1101470,CVE-2018-0732
Description:
This update for openssl-1_1 to 1.1.0i fixes the following issues:

These security issues were fixed:

- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Make problematic ECDSA sign addition length-invariant
- Add blinding to ECDSA and DSA signatures to protect against side channel attacks

These non-security issues were fixed:

- When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases.
- Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed.
- Fixed a text canonicalisation bug in CMS
- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2155-1
Released: Fri Oct 5 14:41:17 2018
Summary: Recommended update for ca-certificates
Type: recommended
Severity: moderate
References: 1101470
Description:
This update for ca-certificates fixes the following issues:

- Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2177-1
Released: Tue Oct 9 09:00:13 2018
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1095661,1095670,1100488
Description:
This update for bash provides the following fixes:

- Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661)
- Make the generation of bash.html reproducible. (bsc#1100488)
- Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670)
- Fix a problem that could cause the hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes.
- Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler.
- Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence.
- Fix a problem when sourcing a file from an interactive shell, where setting the SIGINT handler to the default and typing ^C would cause the shell to exit.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2182-1
Released: Tue Oct 9 11:08:36 2018
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251
Description:
This update for libxml2 fixes the following security issues:

- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2370-1
Released: Mon Oct 22 14:02:01 2018
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1102310,1104531
Description:
This update for aaa_base provides the following fixes:

- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2485-1
Released: Fri Oct 26 12:38:01 2018
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1112928
Description:
This update for kmod provides the following fixes:

- Allow 'modprobe -c' to print the status of 'allow_unsupported_modules' option.
(bsc#1112928)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2487-1
Released: Fri Oct 26 12:39:07 2018
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1102526
Description:
This update for glibc fixes the following issues:

- Fix build on aarch64 with binutils newer than 2.30.
- Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2539-1
Released: Tue Oct 30 16:17:23 2018
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1113100
Description:
This update for rpm fixes the following issues:

- On PowerPC64 fix the superfluous TOC. dependency (bsc#1113100)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1110700
Description:
This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2578-1
Released: Mon Nov 5 17:55:35 2018
Summary: Security update for curl
Type: security
Severity: moderate
References: 1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842
Description:
This update for curl fixes the following issues:

- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2595-1
Released: Wed Nov 7 11:14:42 2018
Summary: Security update for systemd
Type: security
Severity: important
References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688
Description:
This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665)

Non security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if 'missing ok' (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer (#7329)
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing 'continue' statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the emergency shell
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- install: drop left-over debug message (#6913)
- Ship systemd-sysv-install helper via the main package
  This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SysV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)
- man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
- systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)
- core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)
- Enable or disable machines.target according to the presets (bsc#1107941)
- cryptsetup: add support for sector-size= option (fate#325697)
- nspawn: always use permission mode 555 for /sys (bsc#1107640)
- Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)
- Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)
- Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)
- No longer adjusts qgroups on existing subvolumes (bsc#1093753)
- cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Type: recommended
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:
The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.

Various optimizers have been improved in GCC 8, several bugs fixed, quite a few new warnings added, and the error pinpointing and fix suggestions have been greatly improved.

The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:

https://gcc.gnu.org/gcc-8/changes.html

Changes needed and common pitfalls when porting software are described at:

https://gcc.gnu.org/gcc-8/porting_to.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2744-1
Released: Thu Nov 22 14:30:38 2018
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:
This update for apparmor fixes the following issues:

- allow dnsmasq to open logfiles (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
Description:
This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Type: security
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:
This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove screen.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2984-1
Released: Wed Dec 19 11:32:39 2018
Summary: Security update for perl
Type: security
Severity: moderate
References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314
Description:
This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
- CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675).
- CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681).
- CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2986-1
Released: Wed Dec 19 13:53:22 2018
Summary: Security update for libnettle
Type: security
Severity: moderate
References: 1118086,CVE-2018-16869
Description:
This update for libnettle fixes the following issues:

Security issues fixed:

- CVE-2018-16869: Fixed a leaky data conversion exposing a Manger oracle (bsc#1118086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:23-1
Released: Mon Jan 7 16:30:33 2019
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1120346,CVE-2018-1000858
Description:
This update for gpg2 fixes the following issue:

Security issue fixed:

- CVE-2018-1000858: Fixed a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
Description:
This update for acl fixes the following issues:

- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes.
(bsc#953659)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:56-1
Released: Thu Jan 10 15:04:46 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1111345
Description:
This update for apparmor fixes the following issues:

- Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:137-1
Released: Mon Jan 21 15:52:45 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954
Description:
This update for systemd provides the following fixes:

Security issues fixed:

- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

Non-security issues fixed:

- pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
- systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
- systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
- Fixed installation issue with /etc/machine-id during update (bsc#1117063)
- btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- udev: Downgrade message when setting inotify watch up fails. (bsc#1005023)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add.
  In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect a non-zvm environment. systemd-detect-virt returns a failure exit code when it detects the _none_ state. That failure exit code prevents the hot-added memory block from being set online. (bsc#1076696)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:147-1
Released: Wed Jan 23 17:57:31 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1121446
Description:
This update for ca-certificates-mozilla fixes the following issues:

The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446)

Removed Root CAs:

- AC Raiz Certicamara S.A.
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- Visa eCommerce Root

Added Root CAs:

- Certigna Root CA (email and server auth)
- GTS Root R1 (server auth)
- GTS Root R2 (server auth)
- GTS Root R3 (server auth)
- GTS Root R4 (server auth)
- OISTE WISeKey Global Root GC CA (email and server auth)
- UCA Extended Validation Root (server auth)
- UCA Global G2 Root (email and server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:151-1
Released: Wed Jan 23 17:58:59 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472
Description:
This update for apparmor fixes the following issues:

- Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354)
- allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499)
- dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

Update to AppArmor 2.12.2:

- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (bsc#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog

Update to AppArmor 2.12.1:

- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- add support for conditional includes ('include if exists')
- ignore 'abi' rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from the main profile
- several bugfixes (including bsc#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:170-1
Released: Fri Jan 25 13:43:29 2019
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1118629
Description:
This update for kmod fixes the following issues:

- Fixes module dependency file corruption on parallel invocation (bsc#1118629).
- Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:189-1
Released: Mon Jan 28 14:14:46 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
Description:
This update for rpm fixes the following issues:

- Add kmod(module) provides to kernel and KMPs (fate#326579).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:247-1
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1123043,CVE-2019-6706
Description:
This update for lua53 fixes the following issues:

Security issue fixed:

- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:248-1
Released: Wed Feb 6 08:35:20 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823
Description:
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
- CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
- CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:369-1
Released: Wed Feb 13 14:01:42 2019
Summary: Recommended update for itstool
Type: recommended
Severity: moderate
References: 1065270,1111019
Description:
This update for itstool and python-libxml2-python fixes the following issues:

Package: itstool

- Updated version to support Python3. (bnc#1111019)

Package: python-libxml2-python

- Fix segfault when parsing invalid data.
(bsc#1065270)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:426-1
Released: Mon Feb 18 17:46:55 2019
Summary: Security update for systemd
Type: security
Severity: important
References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454
Description:
This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceed
- automount: don't pass non-blocking pipe to kernel.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:532-1
Released: Fri Mar 1 13:47:29 2019
Summary: Recommended update for console-setup, kbd
Type: recommended
Severity: moderate
References: 1122361
Description:
This update for console-setup and kbd provides the following fix:

- Fix Shift-Tab mapping. (bsc#1122361)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:
This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:577-1
Released: Mon Mar 11 12:03:49 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1123820,1127073
Description:
This update for apparmor fixes the following issues:

- apparmor prevents libvirtd from starting (bsc#1127073)
- Start apparmor after filesystem remount (bsc#1123820)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:641-1
Released: Tue Mar 19 13:17:28 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1112570,1114984,1114993
Description:
This update for glibc provides the following fixes:

- Fix Haswell CPU string flags. (bsc#1114984)
- Fix waiters-after-spinning case. (bsc#1114993)
- Do not relocate absolute symbols. (bsc#1112570)
- Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551)
- Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962)
- Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:664-1
Released: Wed Mar 20 14:54:12 2019
Summary: Recommended update for gpgme
Type: recommended
Severity: low
References: 1121051
Description:
This update for gpgme provides the following fix:

- Re-generate keys in Qt tests to not expire. (bsc#1121051)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:700-1
Released: Thu Mar 21 19:54:00 2019
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1044840
Description:
This update for cyrus-sasl provides the following fix:

- Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'.
  By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:713-1
Released: Fri Mar 22 15:55:05 2019
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1063675,1126590
Description:
This update for glibc fixes the following issues:

- Add MAP_SYNC from Linux 4.15 (bsc#1126590)
- Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590)
- nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:732-1
Released: Mon Mar 25 14:10:04 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1088524,1118364,1128246
Description:
This update for aaa_base fixes the following issues:

- Restore old position of ssh/sudo source of profile (bsc#1118364).
- Update logic for JRE_HOME env variable (bsc#1128246)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346
Description:
This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed:

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:791-1
Released: Thu Mar 28 12:06:50 2019
Summary: Security update for libnettle
Type: recommended
Severity: moderate
References: 1129598
Description:

This update for libnettle to version 3.4.1 fixes the following issues:

Issues addressed and new features:

- Updated to 3.4.1 (fate#327114 and bsc#1129598)
- Fixed missing break statements in the parsing of PEM input files in pkcs1-conv.
- Fixed a link error on the pss-mgf1-test which was affecting builds without public key support.
- All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption.
- Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle usable for a Bleichenbacher-style chosen ciphertext attack, which is why the new function rsa_sec_decrypt is recommended.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:858-1
Released: Wed Apr 3 15:50:37 2019
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1120689,1126096
Description:

This update for libtirpc fixes the following issues:

- Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096).
- add an option to enforce connection via protocol version 2 first (bsc#1120689).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:866-1
Released: Thu Apr 4 11:24:48 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1120279,1125439
Description:

This update for apparmor fixes the following issues:

- Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439)
- allow network access and notify file creation/access (bsc#1120279)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:894-1
Released: Fri Apr 5 17:16:23 2019
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1119414,1126327,1129753,SLE-3853,SLE-4117
Description:

This update for rpm fixes the following issues:

- This update shortens RPM changelog to after a certain cut off date (bsc#1129753)
- Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414).
- Re-add symset-table from SLE 12 (bsc#1126327).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:903-1
Released: Mon Apr 8 15:41:44 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1100396,1122729,1130045,CVE-2016-10739
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).

Other issue fixed:

- Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintaining the robust mutex list due to missing compiler barriers (bsc#1130045).
- Added new Japanese Era name support (bsc#1100396).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1002-1
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1110304,1129576
Description:

This update for zlib fixes the following issues:

- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
Description:

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1121-1
Released: Tue Apr 30 18:02:43 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836
Description:

This update for gnutls to version 3.6.7 fixes the following issues:

Security issues fixed:

- CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681).
- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087)

Non-security issue fixed:

- Update gnutls to support TLS 1.3 (fate#327114)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937
Description:

This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1206-1
Released: Fri May 10 14:01:55 2019
Summary: Security update for bzip2
Type: security
Severity: low
References: 985657,CVE-2016-3189
Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released: Wed May 22 12:19:12 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1096191
Description:

This update for aaa_base fixes the following issue:

* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1351-1
Released: Fri May 24 14:41:10 2019
Summary: Security update for gnutls
Type: security
Severity: important
References: 1118087,1134856,CVE-2018-16868
Description:

This update for gnutls fixes the following issues:

Security issue fixed:

- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087).

Non-security issue fixed:

- Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1357-1
Released: Mon May 27 13:29:15 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1135170,CVE-2019-5436
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1364-1
Released: Tue May 28 10:51:38 2019
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issues fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type: security
Severity: important
References: 1134524,CVE-2019-5021
Description:

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654
Description:

This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1484-1
Released: Thu Jun 13 07:46:46 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1128383
Description:

This update for e2fsprogs fixes the following issues:

- Check and fix tails of all bitmap blocks (bsc#1128383)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1486-1
Released: Thu Jun 13 09:40:24 2019
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
Description:

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the
  missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1590-1
Released: Thu Jun 20 19:49:57 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1128598
Description:

This update for permissions fixes the following issues:

- Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1595-1
Released: Fri Jun 21 10:17:44 2019
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1137832,CVE-2019-12749
Description:

This update for dbus-1 fixes the following issues:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1631-1
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Type: recommended
Severity: low
References: 1135709
Description:

This update for xz fixes the following issues:

Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1635-1
Released: Fri Jun 21 12:45:53 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1134217
Description:

This update for krb5 provides the following fix:

- Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1700-1
Released: Tue Jun 25 13:19:21 2019
Summary: Security update for libssh
Type: recommended
Severity: moderate
References: 1134193
Description:

This update for libssh fixes the following issue:

Issue addressed:

- Added support for new AES-GCM encryption types (bsc#1134193).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1808-1
Released: Wed Jul 10 13:16:29 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1133808
Description:

This update for libgcrypt fixes the following issues:

- Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed.
  bsc#1133808
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1835-1
Released: Fri Jul 12 18:06:31 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1139937,CVE-2018-20843
Description:

This update for expat fixes the following issues:

Security issue fixed:

- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large number of colons (bsc#1139937).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released: Mon Jul 15 11:36:33 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1853-1
Released: Mon Jul 15 16:03:36 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1107617,1137053
Description:

This update for systemd fixes the following issues:

- conf-parse: remove 4K line length limit (bsc#1137053)
- udevd: change the default value of udev.children-max (again) (bsc#1107617)
- meson: stop creating enablement symlinks in /etc during installation (sequel)
- Fixed build for openSUSE Leap 15+
- Make sure we don't ship any static enablement symlinks in /etc
  Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1877-1
Released: Thu Jul 18 11:31:46 2019
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169
Description:

This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed:

- No longer compresses debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released: Thu Jul 25 14:58:52 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1138939,CVE-2019-12904
Description:

This update for libgcrypt fixes the following issues:

Security issue fixed:

- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1994-1
Released: Fri Jul 26 16:12:05 2019
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1135123
Description:

This update for libxml2 fixes the following issues:

- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files.
  (bsc#1135123)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2004-1
Released: Mon Jul 29 13:01:59 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
Description:

This update for bzip2 fixes the following issues:

- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2006-1
Released: Mon Jul 29 13:02:49 2019
Summary: Security update for gpg2
Type: security
Severity: important
References: 1124847,1141093,CVE-2019-13050
Description:

This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed denial of service attacks via big keys (bsc#1141093).

Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2085-1
Released: Wed Aug 7 13:58:43 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1135751
Description:

This update for apparmor fixes the following issues:

- Profile updates for dnsmasq, dovecot, identd, syslog-ng
- Parser: fix 'Px -> foo-bar' (the '-' was rejected before)
- Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys.
- Fix build with swig 4.0. (bsc#1135751)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2097-1
Released: Fri Aug 9 09:31:17 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: important
References: 1097073
Description:

This update for libgcrypt fixes the following issues:

- Fixed a regression where systems were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2134-1
Released: Wed Aug 14 11:54:56 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1136717,1137624,1141059,SLE-5807
Description:

This update for zlib fixes the following issues:

- Update the s390 patchset. (bsc#1137624)
- Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
- Use FAT LTO objects in order to provide proper static library.
- Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
- Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2188-1
Released: Wed Aug 21 10:10:29 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1140647
Description:

This update for aaa_base fixes the following issues:

- Make systemd detection cgroup oblivious. (bsc#1140647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883
Description:

This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes.
  (bsc#1141883)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2241-1
Released: Wed Aug 28 14:58:49 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1144169
Description:

This update for ca-certificates-mozilla fixes the following issues:

ca-certificates-mozilla was updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)

Removed CAs:

- Certinomis - Root CA

Includes new root CAs from the 2.32 version:

- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2307-1
Released: Thu Sep 5 14:45:08 2019
Summary: Security update for util-linux and shadow
Type: security
Severity: moderate
References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876
Description:

This update for util-linux and shadow fixes the following issues:

util-linux:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- De-duplicate fstrim -A properly (bsc#1127701).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
- Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).
shadow:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
- Hardening for su wrappers (bsc#353876)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released: Thu Sep 12 07:54:54 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1081947,1144047
Description:

This update for krb5 contains the following fixes:

- Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2367-1
Released: Thu Sep 12 12:59:37 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1122666,1135984,1137296
Description:

This update for lvm2 fixes the following issues:

- Fix unknown feature in status message (bsc#1135984)
- Fix using device aliases with lvmetad (bsc#1137296)
- Fix devices drop open error message (bsc#1122666)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2373-1
Released: Thu Sep 12 14:18:53 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482
Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2395-1
Released: Wed Sep 18 08:31:38 2019
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565
Description:

This update for openldap2 fixes the following issues:

Security issue fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay are enabled, OpenLDAP attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2403-1
Released: Wed Sep 18 16:14:29 2019
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563
Description:

This update for openssl-1_1 fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance.
  (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2423-1
Released: Fri Sep 20 16:41:45 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1146866,SLE-9132
Description:

This update for aaa_base fixes the following issues:

Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)

Following settings have been tightened (and set to 0):

- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2429-1
Released: Mon Sep 23 09:28:40 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1149429,CVE-2019-15903
Description:

This update for expat fixes the following issues:

Security issues fixed:

- CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2517-1
Released: Wed Oct 2 10:49:20 2019
Summary: Security update for libseccomp
Type: security
Severity: moderate
References: 1082318,1128828,1142614,CVE-2019-9893
Description:

This update for libseccomp fixes the following issues:

Security issues fixed:

- CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828)

libseccomp was updated to new upstream release 2.4.1:

- Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.
libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function from jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates

libseccomp was updated to release 2.3.3:

- Updated the syscall table for Linux v4.15-rc7
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released: Thu Oct 3 15:02:50 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1150137,CVE-2019-16168
Description:

This update for sqlite3 fixes the following issues:

Security issue fixed:

- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2626-1
Released: Thu Oct 10 17:22:35 2019
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1110797
Description:

This update for permissions fixes the following issues:

- Updated permissions for amanda.
  (bsc#1110797)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2676-1
Released: Tue Oct 15 21:06:54 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1145716,1152101,CVE-2019-5094
Description:

This update for e2fsprogs fixes the following issues:

Security issue fixed:

- CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101)

Non-security issue fixed:

- libext2fs: Call fsync(2) to clear stale errors for a new unix I/O channel. (bsc#1145716)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2730-1
Released: Mon Oct 21 16:04:57 2019
Summary: Security update for procps
Type: security
Severity: important
References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
Description:

This update for procps fixes the following issues:

procps was updated to 3.3.15. (bsc#1092100)

Following security issues were fixed:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep.
  This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

Also this non-security issue was fixed:

- Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes:

  * library: Increment to 8:0:1
    No removals, no new functions
    Changes: slab and pid structures
  * library: Just check for SIGLOST and don't delete it
  * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
  * library: Use size_t for alloc functions CVE-2018-1126
  * library: Increase comm size to 64
  * pgrep: Fix stack-based buffer overflow CVE-2018-1125
  * pgrep: Remove >15 warning as comm can be longer
  * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
  * ps: Increase command name selection field to 64
  * top: Don't use cwd for location of config CVE-2018-1122
  * update translations
  * library: build on non-glibc systems
  * free: fix scaling on 32-bit systems
  * Revert 'Support running with child namespaces'
  * library: Increment to 7:0:1
    No changes, no removals
    New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
  * doc: Document I idle state in ps.1 and top.1
  * free: fix some of the SI multiples
  * kill: -l space between name parses correctly
  * library: dont use vm_min_free on non Linux
  * library: don't strip off wchan prefixes (ps & top)
  * pgrep: warn about 15+ char name only if -f not used
  * pgrep/pkill: only match in same namespace by default
  * pidof: specify separator between pids
  * pkill: Return 0 only if we can kill process
  * pmap: fix duplicate output line under '-x' option
  * ps: avoid eip/esp address truncations
  * ps: recognizes SCHED_DEADLINE as valid CPU scheduler
  * ps: display NUMA node under which a thread ran
  * ps: Add seconds display for cputime and time
  * ps: Add LUID field
  * sysctl: Permit empty string for value
  * sysctl: Don't segv when file not
    available
  * sysctl: Read and write large buffers
  * top: add config file support for XDG specification
  * top: eliminated minor libnuma memory leak
  * top: show fewer memory decimal places (configurable)
  * top: provide command line switch for memory scaling
  * top: provide command line switch for CPU States
  * top: provides more accurate cpu usage at startup
  * top: display NUMA node under which a thread ran
  * top: fix argument parsing quirk resulting in SEGV
  * top: delay interval accepts non-locale radix point
  * top: address a wishlist man page NLS suggestion
  * top: fix potential distortion in 'Mem' graph display
  * top: provide proper multi-byte string handling
  * top: startup defaults are fully customizable
  * watch: define HOST_NAME_MAX where not defined
  * vmstat: Fix alignment for disk partition format
  * watch: Support ANSI 39,49 reset sequences

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2742-1
Released: Tue Oct 22 15:40:16 2019
Summary: Recommended update for libzypp, zypper, libsolv and PackageKit
Type: recommended
Severity: important
References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Description:

This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:

Security issues fixed in libsolv:

- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).

Other issues addressed in libsolv:

- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
- Fixed an issue with the package name (bsc#1131823).
- repo_add_rpmdb: do not copy bad solvables from the old solv file
- Fixed an issue with cleandeps updates in which all packages were not updated
- Experimental DISTTYPE_CONDA and REL_CONDA support
- Fixed cleandeps jobs when using patterns (bsc#1137977)
- Fixed favorq leaking between solver runs if the solver is reused
- Fixed SOLVER_FLAG_FOCUS_BEST updating packages without reason
- Be more correct with multiversion packages that obsolete their own name (bnc#1127155)
- Fix repository priority handling for multiversion packages
- Make code compatible with swig 4.0, remove obj0 instances
- repo2solv: support zchunk compressed data
- Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives

Issues fixed in libzypp:

- Fix empty metalink downloads if filesize is unknown (bsc#1153557)
- Recognize riscv64 as architecture
- Fix installation of new header file (fixes #185)
- zypp.conf: Introduce `solver.focus` to define the resolvers general attitude when resolving jobs. (bsc#1146415)
- New container detection algorithm for zypper ps (bsc#1146947)
- Fix leaking filedescriptors in MediaCurl. (bsc#1116995)
- Run file conflict check on dry-run. (bsc#1140039)
- Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795)
- Rephrase file conflict check summary. (bsc#1140039)
- Fix bash completions option detection. (bsc#1049825)
- Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)
- Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)
- PublicKey::algoName: supply key algorithm and length

Issues fixed in zypper:

- Update to version 1.14.30
- Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
- Dump stacktrace on SIGPIPE (bsc#1145521)
- info: The requested info must be shown in QUIET mode (fixes #287)
- Fix local/remote url classification.
- Rephrase file conflict check summary (bsc#1140039)
- Fix bash completions option detection (bsc#1049825)
- man: split '--with[out]' like options to ease searching.
- Unhid 'ps' command in help
- Added option to show more conflict information
- Rephrased `zypper ps` hint (bsc#859480)
- Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226)
- Fixed unknown package handling in zypper install (bsc#1127608)
- Re-show progress bar after pressing retry upon install error (bsc#1131113)

Issues fixed in PackageKit:

- Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script (bsc#1130306).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2757-1
Released: Wed Oct 23 17:21:17 2019
Summary: Security update for lz4
Type: security
Severity: moderate
References: 1153936,CVE-2019-17543
Description:

This update for lz4 fixes the following issues:

- CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2812-1
Released: Tue Oct 29 14:57:55 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1139459,1140631,1145023,1150595,SLE-7687
Description:

This update for systemd provides the following fixes:

- Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459)
- man: Add a note about _netdev usage.
- units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target.
- units: Add [Install] section to remote-cryptsetup.target.
- cryptsetup: Ignore _netdev, since it is used in generator.
- cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687)
- cryptsetup-generator: Add a helper utility to create symlinks.
- units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target.
- man: Add an explicit description of _netdev to systemd.mount(5).
- man: Order fields alphabetically in crypttab(5).
- man: Make crypttab(5) a bit easier to read.
- units: Order cryptsetup-pre.target before cryptsetup.target.
- Fix reporting of enabled-runtime units.
- sd-bus: Deal with cookie overruns. (bsc#1150595)
- rules: Add by-id symlinks for persistent memory. (bsc#1140631)
- Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2870-1
Released: Thu Oct 31 08:09:14 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1051143,1138869,1151023
Description:

This update for aaa_base provides the following fixes:

- Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869)
- Add s390x compressed kernel support. (bsc#1151023)
- service: Check if there is a second argument before using it. (bsc#1051143)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2418-1
Released: Thu Nov 14 11:53:03 2019
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1133773,1143055
Description:

This update for bash fixes the following issues:

- Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm'
- Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2980-1
Released: Thu Nov 14 22:45:33 2019
Summary: Optional update for curl
Type: optional
Severity: low
References: 1154019
Description:

This update for curl doesn't address any user visible issues.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2997-1
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:

This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

- Removed screen.xterm from terminfo database (bsc#1103320).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3010-1
Released: Tue Nov 19 18:10:58 2019
Summary: Recommended update for zypper and libsolv
Type: recommended
Severity: moderate
References: 1145554,1146415,1149511,1153351,SLE-9171
Description:

This update for zypper and libsolv fixes the following issues:

Package: zypper

- Improved the documentation of $releasever and --releasever use cases (bsc#1149511)
- zypper will now ask only once when multiple packages share the same license text (bsc#1145554)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415)
- Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351)
- Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171)

Package: libsolv

- Fixes issues when updating too many packages in focusbest mode
- Fixes the handling of disabled and installed packages in distupgrade

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3040-1
Released: Fri Nov 22 11:59:52 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1145231
Description:

This update for lvm2 fixes the following issues:

- Adds a fix to detect MD devices by LVM2 with
  metadata=1.0/0.9 (bsc#1145231)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3059-1
Released: Mon Nov 25 17:33:07 2019
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1155199,CVE-2019-14866
Description:

This update for cpio fixes the following issues:

- CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3061-1
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Type: security
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:

This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390.
  (bsc#1141897)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3070-1
Released: Tue Nov 26 12:39:29 2019
Summary: Recommended update for gpg2
Type: recommended
Severity: low
References: 1152755
Description:

This update for gpg2 provides the following fix:

- Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:

This update for libidn2 to version 2.2.0 fixes the following issues:

- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3087-1
Released: Thu Nov 28 10:03:00 2019
Summary: Security update for libxml2
Type: security
Severity: low
References: 1123919
Description:

This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect all CVEs that have been fixed over the past.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3118-1
Released: Fri Nov 29 14:41:35 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1154295
Description:

This update for e2fsprogs fixes the following issues:

- Make minimum size estimates more reliable for mounted filesystem.
  (bsc#1154295)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3166-1
Released: Wed Dec 4 11:24:42 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1007715,1084934,1157278
Description:

This update for aaa_base fixes the following issues:

- Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
- Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
- Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3181-1
Released: Thu Dec 5 11:43:07 2019
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
Description:

This update for permissions fixes the following issues:

- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3240-1
Released: Tue Dec 10 10:40:19 2019
Summary: Recommended update for ca-certificates-mozilla, p11-kit
Type: recommended
Severity: moderate
References: 1154871
Description:

This update for ca-certificates-mozilla, p11-kit fixes the following issues:

Changes in ca-certificates-mozilla:

- export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871).

Changes in p11-kit:

- support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3267-1
Released: Wed Dec 11 11:19:53 2019
Summary: Security update for libssh
Type: security
Severity: important
References: 1158095,CVE-2019-14889
Description:

This update for libssh fixes the following issues:

- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3343-1
Released: Thu Dec 19 11:05:27 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1155668
Description:

This update for lvm2 fixes the following issues:

- Fix seeing a 90 Second delay during shutdown and reboot. (bsc#1155668)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3392-1
Released: Fri Dec 27 13:33:29 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1148987,1155338,1155339,CVE-2019-13627
Description:

This update for libgcrypt fixes the following issues:

Security issues fixed:

- CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).

Bug fixes:

- Added CMAC AES self test (bsc#1155339).
- Added CMAC TDES self test missing (bsc#1155338).
- Fix test dsa-rfc6979 in FIPS mode.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:69-1
Released: Fri Jan 10 12:33:59 2020
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789
Description:

This update for openssl-1_1 fixes the following issues:

Security issue fixed:

- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).

Various FIPS related improvements were done:

- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).
- Port FIPS patches from SLE-12 (bsc#1158101).
- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:129-1
Released: Mon Jan 20 09:21:13 2020
Summary: Security update for libssh
Type: security
Severity: important
References: 1158095,CVE-2019-14889
Description:

This update for libssh fixes the following issues:

- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:225-1
Released: Fri Jan 24 06:49:07 2020
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1158830
Description:

This update for procps fixes the following issues:

- Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:256-1
Released: Wed Jan 29 09:39:17 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1157794,1160970
Description:

This update for aaa_base fixes the following issues:

- Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794)
- Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:262-1
Released: Thu Jan 30 11:02:42 2020
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292).

Bug fixes:

- Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893).
- Fixed Hardware support in toolchain (bsc#1151582).
- Fixed syscalls during early process initialization (SLE-8348).
- Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
- Moved to posix_spawn on popen (bsc#1149332).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:265-1
Released: Thu Jan 30 14:05:34 2020
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:279-1
Released: Fri Jan 31 12:01:39 2020
Summary: Recommended update for p11-kit
Type: recommended
Severity: moderate
References: 1013125
Description:

This update for p11-kit fixes the following issues:

- Also build documentation (bsc#1013125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:335-1
Released: Thu Feb 6 11:37:24 2020
Summary: Security update for systemd
Type: security
Severity: important
References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712
Description:

This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)
- libblkid: open device in nonblock mode.
  (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
- bus_open leak sd_event_source when udevadm trigger??? (bsc#1161436 CVE-2019-20386)
- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)
- fileio: initialize errno to zero before we do fread()
- fileio: try to read one byte too much in read_full_stream()
- logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)
- logind: never elect a session that is stopping as display
- journal: include kmsg lines from the systemd process which exec()d us (#8078)
- udevd: don't use monitor after manager_exit()
- udevd: capitalize log messages in on_sigchld()
- udevd: merge conditions to decrease indentation
- Revert 'udevd: fix crash when workers time out after exit is signal caught'
- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)
- udevd: fix crash when workers time out after exit is signal caught
- udevd: wait for workers to finish when exiting (bsc#1106383)
- Improve bash completion support (bsc#1155207)
  * shell-completion: systemctl: do not list template units in {re,}start
  * shell-completion: systemctl: pass current word to all list_unit*
  * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)
  * bash-completion: systemctl: use systemctl --no-pager
  * bash-completion: also suggest template unit files
  * bash-completion: systemctl: add missing options and verbs
  * bash-completion: use the first argument instead of the global variable (#6457)
- networkd: VXLan Make group and remote variable separate (bsc#1156213)
- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)
- fs-util: let's avoid unnecessary strerror()
- fs-util: introduce inotify_add_watch_and_warn() helper
- ask-password: improve log message when inotify limit is reached (bsc#1155574)
- shared/install: failing with -ELOOP can be due
  to the use of an alias in install_error() (bsc#1151377)
- man: alias names can't be used with enable command (bsc#1151377)
- Add boot option to not use swap at system start (jsc#SLE-7689)
- Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:339-1
Released: Thu Feb 6 13:03:22 2020
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1158921
Description:

This update for openldap2 provides the following fix:

- Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:368-1
Released: Fri Feb 7 13:49:41 2020
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1150021
Description:

This update for lvm2 fixes the following issues:

- Fix for LVM in KVM: The scsi persistent reservation scenario can trigger an error during LVM actions. (bsc#1150021)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:386-1
Released: Mon Feb 17 11:41:23 2020
Summary: Skuba bug fix, supportconfig update, cri-o and kubernetes fixes, and prometheus fixes
Type: recommended
Severity: important
References: 1137337,1152335,1155323,1155593,1155810,1157802,1159074,1159452,1160443,1160600,1161056,1161179,1161975
Description:

= Required Actions

Update skuba, kubernetes-client and kubernetes-kubeadm packages on your management workstation as you would do with any other package.

Refer to: https://documentation.suse.com/sles/15-SP1/single-html/SLES-admin/#sec-zypper-softup-update

Packages on your cluster nodes (cri-o, kubernetes, supportutils-plugin-suse-caasp) will be updated automatically by skuba-update link:https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_base_os_updates

Use `helm upgrade` command to fix prometheus kube-state-metrics image.

Finally, to apply the prometheus pushgateway fix, enable it in your helm chart https://github.com/SUSE/kubernetes-charts-suse-com/blob/master/stable/prometheus/values.yaml#L848 and use helm upgrade command link:https://helm.sh/docs/intro/using_helm/#helm-upgrade-and-helm-rollback-upgrading-a-release-and-recovering-on-failure.

From sle-updates at lists.suse.com Mon Feb 17 07:11:20 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Feb 2020 15:11:20 +0100 (CET)
Subject: SUSE-RU-2020:0386-1: important: Skuba bug fix, supportconfig update, cri-o and kubernetes fixes, and prometheus fixes
Message-ID: <20200217141120.9B935F798@maintenance.suse.de>

SUSE Recommended Update: Skuba bug fix, supportconfig update, cri-o and kubernetes fixes, and prometheus fixes
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0386-1
Rating: important
References: #1137337 #1152335 #1155323 #1155593 #1155810 #1157802 #1159074 #1159452 #1160443 #1160600 #1161056 #1161179 #1161975
Affected Products:
    SUSE Linux Enterprise Module for Containers 15-SP1
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has 13 recommended fixes can now be installed.

Description:

= Required Actions

Update skuba, kubernetes-client and kubernetes-kubeadm packages on your management workstation as you would do with any other package.

Refer to: https://documentation.suse.com/sles/15-SP1/single-html/SLES-admin/#sec-zypper-softup-update

Packages on your cluster nodes (cri-o, kubernetes, supportutils-plugin-suse-caasp) will be updated automatically by skuba-update link:https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_base_os_updates

Use `helm upgrade` command to fix prometheus kube-state-metrics image.

Finally, to apply the prometheus pushgateway fix, enable it in your helm chart https://github.com/SUSE/kubernetes-charts-suse-com/blob/master/stable/prometheus/values.yaml#L848 and use helm upgrade command link:https://helm.sh/docs/intro/using_helm/#helm-upgrade-and-helm-rollback-upgrading-a-release-and-recovering-on-failure.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-386=1

- SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Module for Containers 15-SP1 (x86_64):

    kubernetes-client-1.16.2-4.10.4
    kubernetes-common-1.16.2-4.10.4

- SUSE CaaS Platform 4.0 (x86_64):

    caasp-release-4.1.1-24.14.3
    cri-o-1.16.1-3.25.5
    cri-o-kubeadm-criconfig-1.16.1-3.25.5
    kubernetes-client-1.16.2-4.10.4
    kubernetes-common-1.16.2-4.10.4
    kubernetes-kubeadm-1.16.2-4.10.4
    kubernetes-kubelet-1.16.2-4.10.4
    skuba-1.2.4-3.24.4

- SUSE CaaS Platform 4.0 (noarch):

    release-notes-caasp-4.1.20200203-4.24.1
    skuba-update-1.2.4-3.24.4
    supportutils-plugin-suse-caasp-1578648161.eba458c-3.3.4

References:

    https://bugzilla.suse.com/1137337
    https://bugzilla.suse.com/1152335
    https://bugzilla.suse.com/1155323
    https://bugzilla.suse.com/1155593
    https://bugzilla.suse.com/1155810
    https://bugzilla.suse.com/1157802
    https://bugzilla.suse.com/1159074
    https://bugzilla.suse.com/1159452
    https://bugzilla.suse.com/1160443
    https://bugzilla.suse.com/1160600
    https://bugzilla.suse.com/1161056
    https://bugzilla.suse.com/1161179
    https://bugzilla.suse.com/1161975

From sle-updates at lists.suse.com Mon Feb 17 10:11:14 2020
From: sle-updates at lists.suse.com
  (sle-updates at lists.suse.com)
Date: Mon, 17 Feb 2020 18:11:14 +0100 (CET)
Subject: SUSE-SU-2020:0388-1: important: Security update for xen
Message-ID: <20200217171114.44777F798@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0388-1
Rating: important
References: #1115045 #1126140 #1126141 #1126192 #1126195 #1126196 #1126201 #1135905 #1143797 #1145652 #1146874 #1149813 #1152497 #1154448 #1154456 #1154458 #1154461 #1155945 #1157888 #1158003 #1158004 #1158005 #1158006 #1158007 #1161181
Cross-References: CVE-2018-12207 CVE-2018-19965 CVE-2019-11135 CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17347 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP1
    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes 25 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304).
- CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with non-canonical addresses (bsc#1115045 XSA-279).
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described "Microarchitectural Data Sampling" attack. (bsc#1152497 XSA-305).
- CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI (bsc#1145652). - CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874). - CVE-2019-12155: Fixed a null pointer dereference while releasing spice resources (bsc#1135905). - CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in slirp networking implementation (bsc#1143797). - CVE-2019-15890: Fixed a use-after-free during packet reassembly (bsc#1149813). - CVE-2019-17340: Fixed grant table transfer issues on large hosts (XSA-284 bsc#1126140). - CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285 bsc#1126141). - CVE-2019-17342: Fixed steal_page violating page_struct access discipline (XSA-287 bsc#1126192). - CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288 bsc#1126195). - CVE-2019-17344: Fixed a missing preemption in x86 PV page table unvalidation (XSA-290 bsc#1126196). - CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293 bsc#1126201). - CVE-2019-18420: Fixed a hypervisor crash that could be caused by malicious x86 PV guests, resulting in a denial of service (bsc#1154448 XSA-296). - CVE-2019-18421: Fixed a privilege escalation through malicious PV guest administrators (bsc#1154458 XSA-299). - CVE-2019-18424: Fixed a privilege escalation through DMA to physical devices by untrusted domains (bsc#1154461 XSA-302). - CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used mode (bsc#1154456 XSA-298). - CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). 
- CVE-2019-19579: Fixed a privilege escalation where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-388=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-388=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_28-22.64.1 xen-debugsource-4.5.5_28-22.64.1 xen-doc-html-4.5.5_28-22.64.1 xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1 xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1 xen-libs-32bit-4.5.5_28-22.64.1 xen-libs-4.5.5_28-22.64.1 xen-libs-debuginfo-32bit-4.5.5_28-22.64.1 xen-libs-debuginfo-4.5.5_28-22.64.1 xen-tools-4.5.5_28-22.64.1 xen-tools-debuginfo-4.5.5_28-22.64.1 xen-tools-domU-4.5.5_28-22.64.1 xen-tools-domU-debuginfo-4.5.5_28-22.64.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_28-22.64.1 xen-debugsource-4.5.5_28-22.64.1 xen-doc-html-4.5.5_28-22.64.1 xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1 xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1 xen-libs-32bit-4.5.5_28-22.64.1 xen-libs-4.5.5_28-22.64.1 xen-libs-debuginfo-32bit-4.5.5_28-22.64.1 xen-libs-debuginfo-4.5.5_28-22.64.1 xen-tools-4.5.5_28-22.64.1 xen-tools-debuginfo-4.5.5_28-22.64.1 
xen-tools-domU-4.5.5_28-22.64.1 xen-tools-domU-debuginfo-4.5.5_28-22.64.1 References: https://www.suse.com/security/cve/CVE-2018-12207.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2019-11135.html https://www.suse.com/security/cve/CVE-2019-12067.html https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-17340.html https://www.suse.com/security/cve/CVE-2019-17341.html https://www.suse.com/security/cve/CVE-2019-17342.html https://www.suse.com/security/cve/CVE-2019-17343.html https://www.suse.com/security/cve/CVE-2019-17344.html https://www.suse.com/security/cve/CVE-2019-17347.html https://www.suse.com/security/cve/CVE-2019-18420.html https://www.suse.com/security/cve/CVE-2019-18421.html https://www.suse.com/security/cve/CVE-2019-18424.html https://www.suse.com/security/cve/CVE-2019-18425.html https://www.suse.com/security/cve/CVE-2019-19577.html https://www.suse.com/security/cve/CVE-2019-19578.html https://www.suse.com/security/cve/CVE-2019-19579.html https://www.suse.com/security/cve/CVE-2019-19580.html https://www.suse.com/security/cve/CVE-2019-19581.html https://www.suse.com/security/cve/CVE-2019-19583.html https://www.suse.com/security/cve/CVE-2020-7211.html https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1126201 https://bugzilla.suse.com/1135905 https://bugzilla.suse.com/1143797 https://bugzilla.suse.com/1145652 https://bugzilla.suse.com/1146874 https://bugzilla.suse.com/1149813 https://bugzilla.suse.com/1152497 https://bugzilla.suse.com/1154448 https://bugzilla.suse.com/1154456 https://bugzilla.suse.com/1154458 
https://bugzilla.suse.com/1154461 https://bugzilla.suse.com/1155945 https://bugzilla.suse.com/1157888 https://bugzilla.suse.com/1158003 https://bugzilla.suse.com/1158004 https://bugzilla.suse.com/1158005 https://bugzilla.suse.com/1158006 https://bugzilla.suse.com/1158007 https://bugzilla.suse.com/1161181 From sle-updates at lists.suse.com Mon Feb 17 10:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Feb 2020 18:15:55 +0100 (CET) Subject: SUSE-RU-2020:0387-1: Recommended update for release-notes-caasp Message-ID: <20200217171555.C3A4FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-caasp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0387-1 Rating: low References: #1163021 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This patch updates the release notes of SUSE CaaS Platform 4 to version 4.1.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List:

   - SUSE CaaS Platform 4.0 (noarch):

      release-notes-caasp-4.1.20200206-4.23.3

References:

   https://bugzilla.suse.com/1163021

From sle-updates at lists.suse.com Tue Feb 18 07:12:21 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 15:12:21 +0100 (CET)
Subject: SUSE-SU-2020:0390-1: important: Security update for sudo
Message-ID: <20200218141221.277ABF798@maintenance.suse.de>

   SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0390-1
Rating:             important
References:         #1162202
Cross-References:   CVE-2019-18634
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sudo fixes the following issue:

   Security issue fixed:

   - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that
     could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-390=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-390=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      sudo-1.8.10p3-2.32.1
      sudo-debuginfo-1.8.10p3-2.32.1
      sudo-debugsource-1.8.10p3-2.32.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      sudo-1.8.10p3-2.32.1
      sudo-debuginfo-1.8.10p3-2.32.1
      sudo-debugsource-1.8.10p3-2.32.1

References:

   https://www.suse.com/security/cve/CVE-2019-18634.html
   https://bugzilla.suse.com/1162202

From sle-updates at lists.suse.com Tue Feb 18 07:11:43 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 15:11:43 +0100 (CET)
Subject: SUSE-RU-2020:0392-1: moderate: Recommended update for lifecycle-data-sle-live-patching
Message-ID: <20200218141143.5CEF9F798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:0392-1
Rating:             moderate
References:         #1020320
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP4
                    SUSE Linux Enterprise Live Patching 12-SP3
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for lifecycle-data-sle-live-patching fixes the following
   issues:

   - Added data for 4_12_14-120, 4_12_14-122_12, 4_12_14-122_7,
     4_12_14-95_45, 4_4_180-94_113. (bsc#1020320)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-392=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-391=1

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-391=1

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2020-391=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2020-391=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch):

      lifecycle-data-sle-module-live-patching-15-4.24.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (noarch):

      lifecycle-data-sle-live-patching-1-10.56.1

   - SUSE Linux Enterprise Live Patching 12-SP4 (noarch):

      lifecycle-data-sle-live-patching-1-10.56.1

   - SUSE Linux Enterprise Live Patching 12-SP3 (noarch):

      lifecycle-data-sle-live-patching-1-10.56.1

   - SUSE Linux Enterprise Live Patching 12 (noarch):

      lifecycle-data-sle-live-patching-1-10.56.1

References:

   https://bugzilla.suse.com/1020320

From sle-updates at lists.suse.com Tue Feb 18 10:11:35 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 18:11:35 +0100 (CET)
Subject: SUSE-SU-2019:2820-2: important: Security update for dbus-1
Message-ID: <20200218171135.55CCCF798@maintenance.suse.de>

   SUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2820-2
Rating:             important
References:         #1137832
Cross-References:   CVE-2019-12749
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for dbus-1 fixes the following issues:

   Security issue fixed:

   - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
     could have allowed local attackers to bypass authentication
     (bsc#1137832).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-373=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-373=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-373=1

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2020-373=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2020-373=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      dbus-1-1.8.22-29.17.12
      dbus-1-debuginfo-1.8.22-29.17.12
      dbus-1-debugsource-1.8.22-29.17.7
      dbus-1-x11-1.8.22-29.17.12
      dbus-1-x11-debuginfo-1.8.22-29.17.12
      dbus-1-x11-debugsource-1.8.22-29.17.12
      libdbus-1-3-1.8.22-29.17.7
      libdbus-1-3-32bit-1.8.22-29.17.7
      libdbus-1-3-debuginfo-1.8.22-29.17.7
      libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7

   - SUSE OpenStack Cloud 8 (x86_64):

      dbus-1-1.8.22-29.17.12
      dbus-1-debuginfo-1.8.22-29.17.12
      dbus-1-debugsource-1.8.22-29.17.7
      dbus-1-x11-1.8.22-29.17.12
      dbus-1-x11-debuginfo-1.8.22-29.17.12
      dbus-1-x11-debugsource-1.8.22-29.17.12
      libdbus-1-3-1.8.22-29.17.7
      libdbus-1-3-32bit-1.8.22-29.17.7
      libdbus-1-3-debuginfo-1.8.22-29.17.7
      libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      dbus-1-1.8.22-29.17.12
      dbus-1-debuginfo-1.8.22-29.17.12
      dbus-1-debugsource-1.8.22-29.17.7
      dbus-1-x11-1.8.22-29.17.12
      dbus-1-x11-debuginfo-1.8.22-29.17.12
      dbus-1-x11-debugsource-1.8.22-29.17.12
      libdbus-1-3-1.8.22-29.17.7
      libdbus-1-3-debuginfo-1.8.22-29.17.7

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      libdbus-1-3-32bit-1.8.22-29.17.7
      libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      dbus-1-1.8.22-29.17.12
      dbus-1-debuginfo-1.8.22-29.17.12
      dbus-1-debugsource-1.8.22-29.17.7
      dbus-1-x11-1.8.22-29.17.12
      dbus-1-x11-debuginfo-1.8.22-29.17.12
      dbus-1-x11-debugsource-1.8.22-29.17.12
      libdbus-1-3-1.8.22-29.17.7
      libdbus-1-3-debuginfo-1.8.22-29.17.7

   - SUSE Enterprise Storage 5 (x86_64):

      libdbus-1-3-32bit-1.8.22-29.17.7
      libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7

   - HPE Helion Openstack 8 (x86_64):

      dbus-1-1.8.22-29.17.12
      dbus-1-debuginfo-1.8.22-29.17.12
      dbus-1-debugsource-1.8.22-29.17.7
      dbus-1-x11-1.8.22-29.17.12
      dbus-1-x11-debuginfo-1.8.22-29.17.12
      dbus-1-x11-debugsource-1.8.22-29.17.12
      libdbus-1-3-1.8.22-29.17.7
      libdbus-1-3-32bit-1.8.22-29.17.7
      libdbus-1-3-debuginfo-1.8.22-29.17.7
      libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7

References:

   https://www.suse.com/security/cve/CVE-2019-12749.html
   https://bugzilla.suse.com/1137832

From sle-updates at lists.suse.com Tue Feb 18 10:14:41 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 18:14:41 +0100 (CET)
Subject: SUSE-SU-2020:0394-1: moderate: Security update for gcc9
Message-ID: <20200218171441.9F36CF798@maintenance.suse.de>

   SUSE Security Update: Security update for gcc9
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0394-1
Rating:             moderate
References:         #1114592 #1135254 #1141897 #1142649 #1142654 #1148517
                    #1149145
Cross-References:   CVE-2019-14250 CVE-2019-15847
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Toolchain 12
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves two vulnerabilities and has 5 fixes is now available.

Description:

   This update for gcc9 fixes the following issues:

   The GNU Compiler Collection is shipped in version 9.

   A detailed changelog on what changed in GCC 9 is available at
   https://gcc.gnu.org/gcc-9/changes.html

   The compilers have been added to the SUSE Linux Enterprise Toolchain
   Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with
   CC=gcc-9 CXX=g++-9 set.

   For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
   other compiler libraries have been switched from their gcc8 variants to
   their gcc9 variants.

   Security issues fixed:

   - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that
     optimized multiple calls of the __builtin_darn intrinsic into a single
     call. (bsc#1149145)
   - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

   Non-security issues fixed:

   - Split out libstdc++ pretty-printers into a separate package
     supplementing gdb and the installed runtime. (bsc#1135254)
   - Fixed miscompilation for vector shift on s390. (bsc#1141897)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-394=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-394=1

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2020-394=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-394=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-394=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-394=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-394=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-394=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-394=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-394=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-394=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-394=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-394=1

   - SUSE Linux Enterprise Module for Toolchain 12:

      zypper in -t patch SUSE-SLE-Module-Toolchain-12-2020-394=1

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2020-394=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2020-394=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      gcc9-debuginfo-9.2.1+r275327-1.3.9
      gcc9-debugsource-9.2.1+r275327-1.3.9
      libasan5-32bit-9.2.1+r275327-1.3.9
      libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9
      libasan5-9.2.1+r275327-1.3.9
      libasan5-debuginfo-9.2.1+r275327-1.3.9
      libatomic1-32bit-9.2.1+r275327-1.3.9
      libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9
      libatomic1-9.2.1+r275327-1.3.9
      libatomic1-debuginfo-9.2.1+r275327-1.3.9
libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE OpenStack Cloud 8 (x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 
libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE OpenStack Cloud 7 (s390x x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 
libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE OpenStack Cloud 7 (x86_64): liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 - SUSE OpenStack Cloud 7 (s390x): libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 
libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 
libstdc++6-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP5 (aarch64 
ppc64le s390x x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP5 (ppc64le x86_64): libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libquadmath0-32bit-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 
libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le x86_64): liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP4 (ppc64le x86_64): libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libquadmath0-32bit-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE 
Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64): liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 
libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): 
liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libquadmath0-32bit-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 
libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le x86_64): liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 
libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp9-9.2.1+r275327-1.3.9 cpp9-debuginfo-9.2.1+r275327-1.3.9 gcc9-9.2.1+r275327-1.3.9 gcc9-c++-9.2.1+r275327-1.3.9 gcc9-c++-debuginfo-9.2.1+r275327-1.3.9 gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 gcc9-fortran-9.2.1+r275327-1.3.9 gcc9-fortran-debuginfo-9.2.1+r275327-1.3.9 gcc9-go-9.2.1+r275327-1.3.9 gcc9-go-debuginfo-9.2.1+r275327-1.3.9 gcc9-locale-9.2.1+r275327-1.3.9 libstdc++6-devel-gcc9-9.2.1+r275327-1.3.9 libstdc++6-pp-gcc9-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc9-32bit-9.2.1+r275327-1.3.9 gcc9-c++-32bit-9.2.1+r275327-1.3.9 gcc9-fortran-32bit-9.2.1+r275327-1.3.9 gcc9-go-32bit-9.2.1+r275327-1.3.9 libstdc++6-devel-gcc9-32bit-9.2.1+r275327-1.3.9 libstdc++6-pp-gcc9-32bit-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): gcc9-ada-32bit-9.2.1+r275327-1.3.9 gcc9-ada-9.2.1+r275327-1.3.9 gcc9-ada-debuginfo-9.2.1+r275327-1.3.9 libada9-32bit-9.2.1+r275327-1.3.9 libada9-32bit-debuginfo-9.2.1+r275327-1.3.9 libada9-9.2.1+r275327-1.3.9 libada9-debuginfo-9.2.1+r275327-1.3.9 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc9-info-9.2.1+r275327-1.3.9 - SUSE Enterprise Storage 5 (aarch64 x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-9.2.1+r275327-1.3.9 libgfortran5-debuginfo-9.2.1+r275327-1.3.9 libgo14-9.2.1+r275327-1.3.9 
libgo14-debuginfo-9.2.1+r275327-1.3.9 libgomp1-9.2.1+r275327-1.3.9 libgomp1-debuginfo-9.2.1+r275327-1.3.9 libitm1-9.2.1+r275327-1.3.9 libitm1-debuginfo-9.2.1+r275327-1.3.9 liblsan0-9.2.1+r275327-1.3.9 liblsan0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-9.2.1+r275327-1.3.9 libstdc++6-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-locale-9.2.1+r275327-1.3.9 libtsan0-9.2.1+r275327-1.3.9 libtsan0-debuginfo-9.2.1+r275327-1.3.9 libubsan1-9.2.1+r275327-1.3.9 libubsan1-debuginfo-9.2.1+r275327-1.3.9 - SUSE Enterprise Storage 5 (x86_64): libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgfortran5-32bit-9.2.1+r275327-1.3.9 libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9 libgo14-32bit-9.2.1+r275327-1.3.9 libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9 libgomp1-32bit-9.2.1+r275327-1.3.9 libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9 libitm1-32bit-9.2.1+r275327-1.3.9 libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-32bit-9.2.1+r275327-1.3.9 libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9 libquadmath0-9.2.1+r275327-1.3.9 libquadmath0-debuginfo-9.2.1+r275327-1.3.9 libstdc++6-32bit-9.2.1+r275327-1.3.9 libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9 libubsan1-32bit-9.2.1+r275327-1.3.9 libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9 - HPE Helion Openstack 8 (x86_64): gcc9-debuginfo-9.2.1+r275327-1.3.9 gcc9-debugsource-9.2.1+r275327-1.3.9 libasan5-32bit-9.2.1+r275327-1.3.9 libasan5-32bit-debuginfo-9.2.1+r275327-1.3.9 libasan5-9.2.1+r275327-1.3.9 libasan5-debuginfo-9.2.1+r275327-1.3.9 libatomic1-32bit-9.2.1+r275327-1.3.9 libatomic1-32bit-debuginfo-9.2.1+r275327-1.3.9 libatomic1-9.2.1+r275327-1.3.9 libatomic1-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-32bit-9.2.1+r275327-1.3.9 libgcc_s1-32bit-debuginfo-9.2.1+r275327-1.3.9 libgcc_s1-9.2.1+r275327-1.3.9 libgcc_s1-debuginfo-9.2.1+r275327-1.3.9 
      libgfortran5-32bit-9.2.1+r275327-1.3.9
      libgfortran5-32bit-debuginfo-9.2.1+r275327-1.3.9
      libgfortran5-9.2.1+r275327-1.3.9
      libgfortran5-debuginfo-9.2.1+r275327-1.3.9
      libgo14-32bit-9.2.1+r275327-1.3.9
      libgo14-32bit-debuginfo-9.2.1+r275327-1.3.9
      libgo14-9.2.1+r275327-1.3.9
      libgo14-debuginfo-9.2.1+r275327-1.3.9
      libgomp1-32bit-9.2.1+r275327-1.3.9
      libgomp1-32bit-debuginfo-9.2.1+r275327-1.3.9
      libgomp1-9.2.1+r275327-1.3.9
      libgomp1-debuginfo-9.2.1+r275327-1.3.9
      libitm1-32bit-9.2.1+r275327-1.3.9
      libitm1-32bit-debuginfo-9.2.1+r275327-1.3.9
      libitm1-9.2.1+r275327-1.3.9
      libitm1-debuginfo-9.2.1+r275327-1.3.9
      liblsan0-9.2.1+r275327-1.3.9
      liblsan0-debuginfo-9.2.1+r275327-1.3.9
      libquadmath0-32bit-9.2.1+r275327-1.3.9
      libquadmath0-32bit-debuginfo-9.2.1+r275327-1.3.9
      libquadmath0-9.2.1+r275327-1.3.9
      libquadmath0-debuginfo-9.2.1+r275327-1.3.9
      libstdc++6-32bit-9.2.1+r275327-1.3.9
      libstdc++6-32bit-debuginfo-9.2.1+r275327-1.3.9
      libstdc++6-9.2.1+r275327-1.3.9
      libstdc++6-debuginfo-9.2.1+r275327-1.3.9
      libstdc++6-locale-9.2.1+r275327-1.3.9
      libtsan0-9.2.1+r275327-1.3.9
      libtsan0-debuginfo-9.2.1+r275327-1.3.9
      libubsan1-32bit-9.2.1+r275327-1.3.9
      libubsan1-32bit-debuginfo-9.2.1+r275327-1.3.9
      libubsan1-9.2.1+r275327-1.3.9
      libubsan1-debuginfo-9.2.1+r275327-1.3.9

References:

   https://www.suse.com/security/cve/CVE-2019-14250.html
   https://www.suse.com/security/cve/CVE-2019-15847.html
   https://bugzilla.suse.com/1114592
   https://bugzilla.suse.com/1135254
   https://bugzilla.suse.com/1141897
   https://bugzilla.suse.com/1142649
   https://bugzilla.suse.com/1142654
   https://bugzilla.suse.com/1148517
   https://bugzilla.suse.com/1149145

From sle-updates at lists.suse.com Tue Feb 18 10:13:40 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 18:13:40 +0100 (CET)
Subject: SUSE-SU-2020:0397-1: important: Security update for php72
Message-ID: <20200218171340.4E455F798@maintenance.suse.de>

   SUSE Security Update: Security update for php72
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0397-1
Rating:             important
References:         #1161982 #1162629 #1162632
Cross-References:   CVE-2019-20433 CVE-2020-7059 CVE-2020-7060
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for php72 fixes the following issues:

   Security issues fixed:

   - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex
     (bsc#1162629).
   - CVE-2020-7060: Fixed a global buffer-overflow in
     mbfl_filt_conv_big5_wchar (bsc#1162632).
   - CVE-2019-20433: Fixed a buffer over-read when processing strings ending
     with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-397=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-397=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-397=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      php72-debuginfo-7.2.5-1.37.1
      php72-debugsource-7.2.5-1.37.1
      php72-devel-7.2.5-1.37.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      php72-debuginfo-7.2.5-1.37.1
      php72-debugsource-7.2.5-1.37.1
      php72-devel-7.2.5-1.37.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php72-7.2.5-1.37.1
      apache2-mod_php72-debuginfo-7.2.5-1.37.1
      php72-7.2.5-1.37.1
      php72-bcmath-7.2.5-1.37.1
      php72-bcmath-debuginfo-7.2.5-1.37.1
      php72-bz2-7.2.5-1.37.1
      php72-bz2-debuginfo-7.2.5-1.37.1
      php72-calendar-7.2.5-1.37.1
      php72-calendar-debuginfo-7.2.5-1.37.1
      php72-ctype-7.2.5-1.37.1
      php72-ctype-debuginfo-7.2.5-1.37.1
      php72-curl-7.2.5-1.37.1
      php72-curl-debuginfo-7.2.5-1.37.1
      php72-dba-7.2.5-1.37.1
      php72-dba-debuginfo-7.2.5-1.37.1
      php72-debuginfo-7.2.5-1.37.1
      php72-debugsource-7.2.5-1.37.1
      php72-dom-7.2.5-1.37.1
      php72-dom-debuginfo-7.2.5-1.37.1
      php72-enchant-7.2.5-1.37.1
      php72-enchant-debuginfo-7.2.5-1.37.1
      php72-exif-7.2.5-1.37.1
      php72-exif-debuginfo-7.2.5-1.37.1
      php72-fastcgi-7.2.5-1.37.1
      php72-fastcgi-debuginfo-7.2.5-1.37.1
      php72-fileinfo-7.2.5-1.37.1
      php72-fileinfo-debuginfo-7.2.5-1.37.1
      php72-fpm-7.2.5-1.37.1
      php72-fpm-debuginfo-7.2.5-1.37.1
      php72-ftp-7.2.5-1.37.1
      php72-ftp-debuginfo-7.2.5-1.37.1
      php72-gd-7.2.5-1.37.1
      php72-gd-debuginfo-7.2.5-1.37.1
      php72-gettext-7.2.5-1.37.1
      php72-gettext-debuginfo-7.2.5-1.37.1
      php72-gmp-7.2.5-1.37.1
      php72-gmp-debuginfo-7.2.5-1.37.1
      php72-iconv-7.2.5-1.37.1
      php72-iconv-debuginfo-7.2.5-1.37.1
      php72-imap-7.2.5-1.37.1
      php72-imap-debuginfo-7.2.5-1.37.1
      php72-intl-7.2.5-1.37.1
      php72-intl-debuginfo-7.2.5-1.37.1
      php72-json-7.2.5-1.37.1
      php72-json-debuginfo-7.2.5-1.37.1
      php72-ldap-7.2.5-1.37.1
      php72-ldap-debuginfo-7.2.5-1.37.1
      php72-mbstring-7.2.5-1.37.1
      php72-mbstring-debuginfo-7.2.5-1.37.1
      php72-mysql-7.2.5-1.37.1
      php72-mysql-debuginfo-7.2.5-1.37.1
      php72-odbc-7.2.5-1.37.1
      php72-odbc-debuginfo-7.2.5-1.37.1
      php72-opcache-7.2.5-1.37.1
      php72-opcache-debuginfo-7.2.5-1.37.1
      php72-openssl-7.2.5-1.37.1
      php72-openssl-debuginfo-7.2.5-1.37.1
      php72-pcntl-7.2.5-1.37.1
      php72-pcntl-debuginfo-7.2.5-1.37.1
      php72-pdo-7.2.5-1.37.1
      php72-pdo-debuginfo-7.2.5-1.37.1
      php72-pgsql-7.2.5-1.37.1
      php72-pgsql-debuginfo-7.2.5-1.37.1
      php72-phar-7.2.5-1.37.1
      php72-phar-debuginfo-7.2.5-1.37.1
      php72-posix-7.2.5-1.37.1
      php72-posix-debuginfo-7.2.5-1.37.1
      php72-pspell-7.2.5-1.37.1
      php72-pspell-debuginfo-7.2.5-1.37.1
      php72-readline-7.2.5-1.37.1
      php72-readline-debuginfo-7.2.5-1.37.1
      php72-shmop-7.2.5-1.37.1
      php72-shmop-debuginfo-7.2.5-1.37.1
      php72-snmp-7.2.5-1.37.1
      php72-snmp-debuginfo-7.2.5-1.37.1
      php72-soap-7.2.5-1.37.1
      php72-soap-debuginfo-7.2.5-1.37.1
      php72-sockets-7.2.5-1.37.1
      php72-sockets-debuginfo-7.2.5-1.37.1
      php72-sodium-7.2.5-1.37.1
      php72-sodium-debuginfo-7.2.5-1.37.1
      php72-sqlite-7.2.5-1.37.1
      php72-sqlite-debuginfo-7.2.5-1.37.1
      php72-sysvmsg-7.2.5-1.37.1
      php72-sysvmsg-debuginfo-7.2.5-1.37.1
      php72-sysvsem-7.2.5-1.37.1
      php72-sysvsem-debuginfo-7.2.5-1.37.1
      php72-sysvshm-7.2.5-1.37.1
      php72-sysvshm-debuginfo-7.2.5-1.37.1
      php72-tidy-7.2.5-1.37.1
      php72-tidy-debuginfo-7.2.5-1.37.1
      php72-tokenizer-7.2.5-1.37.1
      php72-tokenizer-debuginfo-7.2.5-1.37.1
      php72-wddx-7.2.5-1.37.1
      php72-wddx-debuginfo-7.2.5-1.37.1
      php72-xmlreader-7.2.5-1.37.1
      php72-xmlreader-debuginfo-7.2.5-1.37.1
      php72-xmlrpc-7.2.5-1.37.1
      php72-xmlrpc-debuginfo-7.2.5-1.37.1
      php72-xmlwriter-7.2.5-1.37.1
      php72-xmlwriter-debuginfo-7.2.5-1.37.1
      php72-xsl-7.2.5-1.37.1
      php72-xsl-debuginfo-7.2.5-1.37.1
      php72-zip-7.2.5-1.37.1
      php72-zip-debuginfo-7.2.5-1.37.1
      php72-zlib-7.2.5-1.37.1
      php72-zlib-debuginfo-7.2.5-1.37.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php72-pear-7.2.5-1.37.1
      php72-pear-Archive_Tar-7.2.5-1.37.1

References:

   https://www.suse.com/security/cve/CVE-2019-20433.html
   https://www.suse.com/security/cve/CVE-2020-7059.html
   https://www.suse.com/security/cve/CVE-2020-7060.html
   https://bugzilla.suse.com/1161982
   https://bugzilla.suse.com/1162629
   https://bugzilla.suse.com/1162632

From sle-updates at lists.suse.com Tue Feb 18 10:12:53 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 18:12:53 +0100 (CET)
Subject: SUSE-SU-2020:0393-1: moderate: Security update for fontforge
Message-ID: <20200218171253.24A5BF798@maintenance.suse.de>

   SUSE Security Update: Security update for fontforge
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0393-1
Rating:             moderate
References:         #1160220 #1160236
Cross-References:   CVE-2020-5395 CVE-2020-5496
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for fontforge fixes the following issues:

   - CVE-2020-5395: Fixed a use-after-free in SFD_GetFontMetaData()
     (bsc#1160220).
   - CVE-2020-5496: Fixed a heap-based buffer overflow in
     Type2NotDefSplines() (bsc#1160236).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-393=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-393=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      fontforge-20170731-11.11.1
      fontforge-debuginfo-20170731-11.11.1
      fontforge-debugsource-20170731-11.11.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      fontforge-20170731-11.11.1
      fontforge-debuginfo-20170731-11.11.1
      fontforge-debugsource-20170731-11.11.1

References:

   https://www.suse.com/security/cve/CVE-2020-5395.html
   https://www.suse.com/security/cve/CVE-2020-5496.html
   https://bugzilla.suse.com/1160220
   https://bugzilla.suse.com/1160236

From sle-updates at lists.suse.com Tue Feb 18 10:12:14 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Feb 2020 18:12:14 +0100 (CET)
Subject: SUSE-RU-2020:0395-1: moderate: Recommended update for gcc7
Message-ID: <20200218171214.6CEB4F798@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gcc7
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:0395-1
Rating:             moderate
References:         #1160086
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gcc7 fixes the following issue:

   - Fixed a miscompilation in zSeries code (bsc#1160086)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-395=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-395=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-395=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.5.0+r278197-4.16.2 cross-arm-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-arm-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-arm-none-gcc7-bootstrap-7.5.0+r278197-4.16.2 cross-arm-none-gcc7-bootstrap-debuginfo-7.5.0+r278197-4.16.2 cross-arm-none-gcc7-bootstrap-debugsource-7.5.0+r278197-4.16.2 cross-avr-gcc7-bootstrap-7.5.0+r278197-4.16.2 cross-avr-gcc7-bootstrap-debuginfo-7.5.0+r278197-4.16.2 cross-avr-gcc7-bootstrap-debugsource-7.5.0+r278197-4.16.2 cross-epiphany-gcc7-bootstrap-7.5.0+r278197-4.16.2 cross-epiphany-gcc7-bootstrap-debuginfo-7.5.0+r278197-4.16.2 cross-epiphany-gcc7-bootstrap-debugsource-7.5.0+r278197-4.16.2 cross-hppa-gcc7-7.5.0+r278197-4.16.2 cross-hppa-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-hppa-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-hppa-gcc7-icecream-backend-7.5.0+r278197-4.16.2 cross-i386-gcc7-7.5.0+r278197-4.16.2 cross-i386-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-i386-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-i386-gcc7-icecream-backend-7.5.0+r278197-4.16.2 cross-m68k-gcc7-7.5.0+r278197-4.16.2 cross-m68k-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-m68k-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-m68k-gcc7-icecream-backend-7.5.0+r278197-4.16.2 cross-mips-gcc7-7.5.0+r278197-4.16.2 cross-mips-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-mips-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-mips-gcc7-icecream-backend-7.5.0+r278197-4.16.2 
cross-ppc64-gcc7-7.5.0+r278197-4.16.2 cross-ppc64-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-ppc64-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-ppc64-gcc7-icecream-backend-7.5.0+r278197-4.16.2 cross-rx-gcc7-bootstrap-7.5.0+r278197-4.16.2 cross-rx-gcc7-bootstrap-debuginfo-7.5.0+r278197-4.16.2 cross-rx-gcc7-bootstrap-debugsource-7.5.0+r278197-4.16.2 cross-sparc-gcc7-7.5.0+r278197-4.16.2 cross-sparc-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-sparc-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-sparc64-gcc7-7.5.0+r278197-4.16.2 cross-sparc64-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-sparc64-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-sparc64-gcc7-icecream-backend-7.5.0+r278197-4.16.2 cross-sparcv9-gcc7-icecream-backend-7.5.0+r278197-4.16.2 gcc7-debuginfo-7.5.0+r278197-4.16.2 gcc7-debugsource-7.5.0+r278197-4.16.2 gcc7-go-7.5.0+r278197-4.16.2 gcc7-go-debuginfo-7.5.0+r278197-4.16.2 gcc7-obj-c++-7.5.0+r278197-4.16.2 gcc7-obj-c++-debuginfo-7.5.0+r278197-4.16.2 gcc7-testresults-7.5.0+r278197-4.16.2 libatomic1-gcc7-7.5.0+r278197-4.16.2 libatomic1-gcc7-debuginfo-7.5.0+r278197-4.16.2 libgcc_s1-gcc7-7.5.0+r278197-4.16.2 libgcc_s1-gcc7-debuginfo-7.5.0+r278197-4.16.2 libgo11-7.5.0+r278197-4.16.2 libgo11-debuginfo-7.5.0+r278197-4.16.2 libgomp1-gcc7-7.5.0+r278197-4.16.2 libgomp1-gcc7-debuginfo-7.5.0+r278197-4.16.2 libitm1-gcc7-7.5.0+r278197-4.16.2 libitm1-gcc7-debuginfo-7.5.0+r278197-4.16.2 libstdc++6-gcc7-7.5.0+r278197-4.16.2 libstdc++6-gcc7-debuginfo-7.5.0+r278197-4.16.2 libstdc++6-gcc7-locale-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): cross-s390x-gcc7-7.5.0+r278197-4.16.2 cross-s390x-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-s390x-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-s390x-gcc7-icecream-backend-7.5.0+r278197-4.16.2 liblsan0-gcc7-7.5.0+r278197-4.16.2 liblsan0-gcc7-debuginfo-7.5.0+r278197-4.16.2 libtsan0-gcc7-7.5.0+r278197-4.16.2 libtsan0-gcc7-debuginfo-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise 
Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): cross-x86_64-gcc7-7.5.0+r278197-4.16.2 cross-x86_64-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-x86_64-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-x86_64-gcc7-icecream-backend-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): cross-ppc64le-gcc7-7.5.0+r278197-4.16.2 cross-ppc64le-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-ppc64le-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-ppc64le-gcc7-icecream-backend-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): cross-aarch64-gcc7-7.5.0+r278197-4.16.2 cross-aarch64-gcc7-debuginfo-7.5.0+r278197-4.16.2 cross-aarch64-gcc7-debugsource-7.5.0+r278197-4.16.2 cross-aarch64-gcc7-icecream-backend-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64): gcc7-ada-32bit-7.5.0+r278197-4.16.2 gcc7-go-32bit-7.5.0+r278197-4.16.2 gcc7-obj-c++-32bit-7.5.0+r278197-4.16.2 gcc7-objc-32bit-7.5.0+r278197-4.16.2 libada7-32bit-7.5.0+r278197-4.16.2 libada7-32bit-debuginfo-7.5.0+r278197-4.16.2 libatomic1-gcc7-32bit-7.5.0+r278197-4.16.2 libatomic1-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libgcc_s1-gcc7-32bit-7.5.0+r278197-4.16.2 libgcc_s1-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libgo11-32bit-7.5.0+r278197-4.16.2 libgo11-32bit-debuginfo-7.5.0+r278197-4.16.2 libgomp1-gcc7-32bit-7.5.0+r278197-4.16.2 libgomp1-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libitm1-gcc7-32bit-7.5.0+r278197-4.16.2 libitm1-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libobjc4-32bit-7.5.0+r278197-4.16.2 libobjc4-32bit-debuginfo-7.5.0+r278197-4.16.2 libstdc++6-gcc7-32bit-7.5.0+r278197-4.16.2 libstdc++6-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmpx2-gcc7-32bit-7.5.0+r278197-4.16.2 
libmpx2-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libmpx2-gcc7-7.5.0+r278197-4.16.2 libmpx2-gcc7-debuginfo-7.5.0+r278197-4.16.2 libmpxwrappers2-gcc7-32bit-7.5.0+r278197-4.16.2 libmpxwrappers2-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libmpxwrappers2-gcc7-7.5.0+r278197-4.16.2 libmpxwrappers2-gcc7-debuginfo-7.5.0+r278197-4.16.2 libquadmath0-gcc7-32bit-7.5.0+r278197-4.16.2 libquadmath0-gcc7-32bit-debuginfo-7.5.0+r278197-4.16.2 libquadmath0-gcc7-7.5.0+r278197-4.16.2 libquadmath0-gcc7-debuginfo-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): gcc7-32bit-7.5.0+r278197-4.16.2 gcc7-c++-32bit-7.5.0+r278197-4.16.2 gcc7-fortran-32bit-7.5.0+r278197-4.16.2 libasan4-32bit-7.5.0+r278197-4.16.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.16.2 libgfortran4-32bit-7.5.0+r278197-4.16.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.16.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.16.2 libubsan0-32bit-7.5.0+r278197-4.16.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.16.2 gcc7-ada-debuginfo-7.5.0+r278197-4.16.2 gcc7-debuginfo-7.5.0+r278197-4.16.2 gcc7-debugsource-7.5.0+r278197-4.16.2 gcc7-locale-7.5.0+r278197-4.16.2 gcc7-objc-7.5.0+r278197-4.16.2 gcc7-objc-debuginfo-7.5.0+r278197-4.16.2 libada7-7.5.0+r278197-4.16.2 libada7-debuginfo-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.16.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.16.2 gcc7-32bit-7.5.0+r278197-4.16.2 gcc7-c++-32bit-7.5.0+r278197-4.16.2 gcc7-fortran-32bit-7.5.0+r278197-4.16.2 libasan4-32bit-7.5.0+r278197-4.16.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.16.2 libcilkrts5-32bit-7.5.0+r278197-4.16.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.16.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.16.2 libubsan0-32bit-7.5.0+r278197-4.16.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.16.2 - SUSE 
Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc7-info-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.16.2 cpp7-debuginfo-7.5.0+r278197-4.16.2 gcc7-7.5.0+r278197-4.16.2 gcc7-c++-7.5.0+r278197-4.16.2 gcc7-c++-debuginfo-7.5.0+r278197-4.16.2 gcc7-debuginfo-7.5.0+r278197-4.16.2 gcc7-debugsource-7.5.0+r278197-4.16.2 gcc7-fortran-7.5.0+r278197-4.16.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.16.2 libasan4-7.5.0+r278197-4.16.2 libasan4-debuginfo-7.5.0+r278197-4.16.2 libgfortran4-7.5.0+r278197-4.16.2 libgfortran4-debuginfo-7.5.0+r278197-4.16.2 libobjc4-7.5.0+r278197-4.16.2 libobjc4-debuginfo-7.5.0+r278197-4.16.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.16.2 libubsan0-7.5.0+r278197-4.16.2 libubsan0-debuginfo-7.5.0+r278197-4.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcilkrts5-7.5.0+r278197-4.16.2 libcilkrts5-debuginfo-7.5.0+r278197-4.16.2 libgfortran4-32bit-7.5.0+r278197-4.16.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.16.2 References: https://bugzilla.suse.com/1160086 From sle-updates at lists.suse.com Tue Feb 18 13:11:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Feb 2020 21:11:13 +0100 (CET) Subject: SUSE-RU-2020:0398-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <20200218201113.B43F7F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-compilers-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0398-1 Rating: moderate References: #1160924 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gnu-compilers-hpc fixes the following issues: - Added gcc9 flavors (jsc#SLE-8604 bsc#1160924) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-398=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-398=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): gnu-compilers-hpc-1.4-3.6.1 gnu-compilers-hpc-devel-1.4-3.6.1 gnu-compilers-hpc-macros-devel-1.4-3.6.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): gnu-compilers-hpc-1.4-3.6.1 gnu-compilers-hpc-devel-1.4-3.6.1 gnu-compilers-hpc-macros-devel-1.4-3.6.1 gnu8-compilers-hpc-1.4-3.6.1 gnu8-compilers-hpc-devel-1.4-3.6.1 gnu8-compilers-hpc-macros-devel-1.4-3.6.1 gnu9-compilers-hpc-1.4-3.6.1 gnu9-compilers-hpc-devel-1.4-3.6.1 gnu9-compilers-hpc-macros-devel-1.4-3.6.1 References: https://bugzilla.suse.com/1160924 From sle-updates at lists.suse.com Wed Feb 19 04:12:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 12:12:59 +0100 (CET) Subject: SUSE-RU-2020:0022-2: moderate: Recommended update for python-numpy Message-ID: <20200219111259.7C1BCF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0022-2 Rating: moderate References: #1149203 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-numpy fixes the following issues: - Add new random module including selectable random number generators: MT19937, PCG64, Philox and SFC64 (bsc#1149203) - NumPy's FFT implementation was changed from fftpack to pocketfft, resulting in faster, more accurate transforms and better handling of datasets of prime length. (bsc#1149203) - New radix sort and timsort sorting methods. (bsc#1149203) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-22=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-4.11.1 python3-numpy-gnu-hpc-1.17.3-4.11.1 python3-numpy-gnu-hpc-devel-1.17.3-4.11.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-4.11.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-4.11.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-4.11.1 References: https://bugzilla.suse.com/1149203 From sle-updates at lists.suse.com Wed Feb 19 04:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 12:13:37 +0100 (CET) Subject: SUSE-RU-2020:0402-1: moderate: Recommended update for powerpc-utils Message-ID: <20200219111337.D4959F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0402-1 Rating: moderate References: #1158312 #1161925 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for powerpc-utils fixes the following issues: - New IBM POWER firmware supports new devicetree format for storing system topology in devicetree. Support for this new format was optional but with new firmware and large system configuration the data cannot be represented with the old inefficient format anymore. (jsc#SLE-11094, jsc#SLE-11193, jsc#SLE-11092, jsc#SLE-11319, jsc#ECO-935) (fate#326955) - Logical Partition (LPAR) losing Resource Monitoring and Control (RMC) after Live Partition Mobility (LPM) operation on POWER systems with more than 24TB main memory installed (bsc#1161925) (bsc#1158312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-402=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7.1-3.9.1 powerpc-utils-debuginfo-1.3.7.1-3.9.1 powerpc-utils-debugsource-1.3.7.1-3.9.1 References: https://bugzilla.suse.com/1158312 https://bugzilla.suse.com/1161925 From sle-updates at lists.suse.com Wed Feb 19 04:12:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 12:12:01 +0100 (CET) Subject: SUSE-RU-2020:0401-1: moderate: Recommended update for powerpc-utils Message-ID: <20200219111201.92E4EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0401-1 Rating: moderate References: #1116561 #1158312 #1161925 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for powerpc-utils fixes the following issues: - Fix for error messages returned by evaluation of ${devspec} in 'ofpathname'. (bsc#1116561) - Defining data structures to support parsing the new "ibm,drc-info" device tree property and integrate this into the existing search mechanisms of the userspace 'drmgr' driver. (jsc#SLE-11094, jsc#SLE-11193, jsc#SLE-11092, jsc#SLE-11319, jsc#ECO-935, bsc#1158312, bsc#1161925, fate#326955) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-401=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-401=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.7.1-5.11.1 powerpc-utils-debuginfo-1.3.7.1-5.11.1 powerpc-utils-debugsource-1.3.7.1-5.11.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): powerpc-utils-1.3.7.1-5.11.1 powerpc-utils-debuginfo-1.3.7.1-5.11.1 powerpc-utils-debugsource-1.3.7.1-5.11.1 References: https://bugzilla.suse.com/1116561 https://bugzilla.suse.com/1158312 https://bugzilla.suse.com/1161925 From sle-updates at lists.suse.com Wed Feb 19 04:14:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 12:14:27 +0100 (CET) Subject: SUSE-RU-2020:0404-1: moderate: Recommended update for p11-kit Message-ID: <20200219111427.CB1E3F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for p11-kit ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0404-1 Rating: moderate References: #1154871 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server
12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for p11-kit fixes the following issues: - Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-404=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-404=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-404=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-404=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-404=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): p11-kit-debuginfo-0.20.7-3.3.4 p11-kit-debugsource-0.20.7-3.3.4 p11-kit-devel-0.20.7-3.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): p11-kit-debuginfo-0.20.7-3.3.4 p11-kit-debugsource-0.20.7-3.3.4 p11-kit-devel-0.20.7-3.3.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.20.7-3.3.4 libp11-kit0-debuginfo-0.20.7-3.3.4 p11-kit-0.20.7-3.3.4 p11-kit-debuginfo-0.20.7-3.3.4 p11-kit-debugsource-0.20.7-3.3.4 p11-kit-nss-trust-0.20.7-3.3.4 p11-kit-tools-0.20.7-3.3.4 p11-kit-tools-debuginfo-0.20.7-3.3.4 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libp11-kit0-32bit-0.20.7-3.3.4 libp11-kit0-debuginfo-32bit-0.20.7-3.3.4 p11-kit-32bit-0.20.7-3.3.4 p11-kit-debuginfo-32bit-0.20.7-3.3.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.20.7-3.3.4 libp11-kit0-debuginfo-0.20.7-3.3.4 p11-kit-0.20.7-3.3.4 p11-kit-debuginfo-0.20.7-3.3.4 p11-kit-debugsource-0.20.7-3.3.4 p11-kit-nss-trust-0.20.7-3.3.4 p11-kit-tools-0.20.7-3.3.4 p11-kit-tools-debuginfo-0.20.7-3.3.4 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libp11-kit0-32bit-0.20.7-3.3.4 libp11-kit0-debuginfo-32bit-0.20.7-3.3.4 p11-kit-32bit-0.20.7-3.3.4 p11-kit-debuginfo-32bit-0.20.7-3.3.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libp11-kit0-0.20.7-3.3.4 libp11-kit0-32bit-0.20.7-3.3.4 libp11-kit0-debuginfo-0.20.7-3.3.4 libp11-kit0-debuginfo-32bit-0.20.7-3.3.4 p11-kit-0.20.7-3.3.4 p11-kit-32bit-0.20.7-3.3.4 p11-kit-debuginfo-0.20.7-3.3.4 p11-kit-debuginfo-32bit-0.20.7-3.3.4 p11-kit-debugsource-0.20.7-3.3.4 p11-kit-nss-trust-0.20.7-3.3.4 p11-kit-tools-0.20.7-3.3.4 p11-kit-tools-debuginfo-0.20.7-3.3.4 - SUSE CaaS Platform 3.0 (x86_64): libp11-kit0-0.20.7-3.3.4 libp11-kit0-debuginfo-0.20.7-3.3.4 p11-kit-0.20.7-3.3.4 p11-kit-debuginfo-0.20.7-3.3.4 p11-kit-debugsource-0.20.7-3.3.4 
p11-kit-tools-0.20.7-3.3.4 p11-kit-tools-debuginfo-0.20.7-3.3.4 References: https://bugzilla.suse.com/1154871 From sle-updates at lists.suse.com Wed Feb 19 04:15:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 12:15:15 +0100 (CET) Subject: SUSE-RU-2020:0403-1: moderate: Recommended update for apache2 Message-ID: <20200219111515.9E2CEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0403-1 Rating: moderate References: #1162027 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - Fix for SSL Certificate chain error when using mod_ssl and mod_md in a complex setup. (bsc#1162027) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-403=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-403=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-403=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-403=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.50.1 apache2-debugsource-2.4.23-29.50.1 apache2-devel-2.4.23-29.50.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.50.1 apache2-debugsource-2.4.23-29.50.1 apache2-devel-2.4.23-29.50.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.50.1 apache2-debuginfo-2.4.23-29.50.1 apache2-debugsource-2.4.23-29.50.1 apache2-example-pages-2.4.23-29.50.1 apache2-prefork-2.4.23-29.50.1 apache2-prefork-debuginfo-2.4.23-29.50.1 apache2-utils-2.4.23-29.50.1 apache2-utils-debuginfo-2.4.23-29.50.1 apache2-worker-2.4.23-29.50.1 apache2-worker-debuginfo-2.4.23-29.50.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.23-29.50.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.50.1 apache2-debuginfo-2.4.23-29.50.1 apache2-debugsource-2.4.23-29.50.1 apache2-example-pages-2.4.23-29.50.1 apache2-prefork-2.4.23-29.50.1 apache2-prefork-debuginfo-2.4.23-29.50.1 apache2-utils-2.4.23-29.50.1 apache2-utils-debuginfo-2.4.23-29.50.1 apache2-worker-2.4.23-29.50.1 apache2-worker-debuginfo-2.4.23-29.50.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.50.1 References: https://bugzilla.suse.com/1162027 From sle-updates at lists.suse.com Wed Feb 19 04:15:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 
Feb 2020 12:15:57 +0100 (CET) Subject: SUSE-RU-2020:0399-1: Recommended update for release-notes Message-ID: <20200219111557.8583DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0399-1 Rating: low References: #1123873 #1127393 #1145275 #1152253 #933411 Affected Products: SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for release-notes-sles fixes the following issues: - Updating release-notes-sles. (bsc#933411) - New notes: - Toolchain Module Enabled in Default Installation. (FATE#320679) - Reduced Memory Usage When Booting FADump Capture Kernel. (FATE#325306) - su Does Not Preserve the Value of PATH. (FATE#325802) - NV-DIMM Support (FATE#326969) - LibreOffice has been updated to version 6.2. (FATE#327121) - NVMe Multipath Handling. (FATE#327156) - Support for ibmvnic Networking Driver. (FATE#327576, bsc#1123873) - Intel Optane DC Persistent Memory Operating Modes (FATE#327794, bsc#1145275) - Document fixes and changed notes: - Fixed product name to use in bug tracker. (bsc#1152253) - Software Requiring Specific Contracts. (FATE#316990) - 'libcgroup1' removed from SLE 12 SP4 and later. (FATE#323093) - PostgreSQL Has Been Upgraded to Version 10 (FATE#325659, bsc#1127393, jsc#SLE-4302) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2020-399=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-399=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): release-notes-sles-12.4.20191112-2.7.24 - SUSE Linux Enterprise Server 12-SP4 (noarch): release-notes-sles-12.4.20191112-2.7.24 References: https://bugzilla.suse.com/1123873 https://bugzilla.suse.com/1127393 https://bugzilla.suse.com/1145275 https://bugzilla.suse.com/1152253 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Feb 19 04:17:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 12:17:11 +0100 (CET) Subject: SUSE-RU-2019:3073-2: moderate: Recommended update for zabbix Message-ID: <20200219111712.0064EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for zabbix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:3073-2 Rating: moderate References: #1144018 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zabbix fixes the following issues: Zabbix Agent 4.0.11 is shipped. (FATE#324346) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-400=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-400=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-400=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-400=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zabbix-agent-4.0.12-4.3.1 zabbix-agent-debuginfo-4.0.12-4.3.1 zabbix-debugsource-4.0.12-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): zabbix-agent-4.0.12-4.3.1 zabbix-agent-debuginfo-4.0.12-4.3.1 zabbix-debugsource-4.0.12-4.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): zabbix-agent-4.0.12-4.3.1 zabbix-agent-debuginfo-4.0.12-4.3.1 zabbix-debugsource-4.0.12-4.3.1 - SUSE Enterprise Storage 5 (aarch64): zabbix-agent-4.0.12-4.3.1 zabbix-agent-debuginfo-4.0.12-4.3.1 zabbix-debugsource-4.0.12-4.3.1 References: https://bugzilla.suse.com/1144018 From sle-updates at lists.suse.com Wed Feb 19 07:11:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:11:55 +0100 (CET) Subject: SUSE-SU-2020:0406-1: important: Security update for sudo Message-ID: <20200219141155.3C8AFF798@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0406-1 Rating: important References: #1162202 #1162675 Cross-References: CVE-2019-18634 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE 
Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-406=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-406=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-406=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-406=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-406=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-406=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-406=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-406=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-406=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-406=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE OpenStack Cloud 8 (x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 sudo-devel-1.8.20p2-3.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - SUSE CaaS Platform 3.0 (x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 - HPE Helion Openstack 8 (x86_64): sudo-1.8.20p2-3.17.1 sudo-debuginfo-1.8.20p2-3.17.1 sudo-debugsource-1.8.20p2-3.17.1 References: https://www.suse.com/security/cve/CVE-2019-18634.html https://bugzilla.suse.com/1162202 https://bugzilla.suse.com/1162675 From sle-updates at lists.suse.com Wed Feb 19 07:12:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:12:44 +0100 (CET) Subject: SUSE-SU-2020:0409-1: important: Security update for sudo 
Message-ID: <20200219141244.6227AF798@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0409-1 Rating: important References: #1162202 #1162675 Cross-References: CVE-2019-18634 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-409=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-409=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.27-4.3.1 sudo-debugsource-1.8.27-4.3.1 sudo-devel-1.8.27-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.3.1 sudo-debuginfo-1.8.27-4.3.1 sudo-debugsource-1.8.27-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-18634.html https://bugzilla.suse.com/1162202 https://bugzilla.suse.com/1162675 From sle-updates at lists.suse.com Wed Feb 19 07:14:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:14:10 +0100 (CET) Subject: SUSE-SU-2020:0405-1: important: Security update for ipmitool Message-ID: <20200219141410.E808EF798@maintenance.suse.de> SUSE Security Update: Security update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0405-1 Rating: important References: #1163026 Cross-References: CVE-2020-5208 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ipmitool fixes the following security issue: - CVE-2020-5208: Fixed several buffer overflows (bsc#1163026). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-405=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-405=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): ipmitool-bmc-snmp-proxy-1.8.18-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ipmitool-1.8.18-7.3.1 ipmitool-debuginfo-1.8.18-7.3.1 ipmitool-debugsource-1.8.18-7.3.1 References: https://www.suse.com/security/cve/CVE-2020-5208.html https://bugzilla.suse.com/1163026 From sle-updates at lists.suse.com Wed Feb 19 07:14:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:14:54 +0100 (CET) Subject: SUSE-SU-2020:0408-1: important: Security update for sudo Message-ID: <20200219141454.3C732F798@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0408-1 Rating: important References: #1162202 #1162675 Cross-References: CVE-2019-18634 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-408=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-408=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-408=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-408=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-408=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-408=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-408=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-408=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): sudo-1.8.22-4.9.1 sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-devel-1.8.22-4.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): sudo-1.8.22-4.9.1 sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-devel-1.8.22-4.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.22-4.9.1 
sudo-debugsource-1.8.22-4.9.1 sudo-test-1.8.22-4.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-test-1.8.22-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.9.1 sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-devel-1.8.22-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.9.1 sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-devel-1.8.22-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): sudo-1.8.22-4.9.1 sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-devel-1.8.22-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): sudo-1.8.22-4.9.1 sudo-debuginfo-1.8.22-4.9.1 sudo-debugsource-1.8.22-4.9.1 sudo-devel-1.8.22-4.9.1 References: https://www.suse.com/security/cve/CVE-2019-18634.html https://bugzilla.suse.com/1162202 https://bugzilla.suse.com/1162675 From sle-updates at lists.suse.com Wed Feb 19 07:15:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:15:44 +0100 (CET) Subject: SUSE-SU-2020:0413-1: moderate: Security update for enigmail Message-ID: <20200219141544.EF4F5F798@maintenance.suse.de> SUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0413-1 Rating: moderate References: #1159973 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update for enigmail fixes the following issues: enigmail was updated to 2.1.5: * Security issue: unsigned MIME parts displayed as signed (bsc#1159973) * Ensure that upgrading GnuPG 2.0.x to 2.2.x upgrade converts keyring format * Make Enigmail Compatible with Protected-Headers spec, draft 2 enigmail 2.1.4: * Fixes for UI glitches * Option to "Attach public key to messages" was not restored properly enigmail 2.1.3: * fix a bug in the setup wizard that could lead the wizard to never complete scanning the inbox Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-413=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): enigmail-2.1.5-3.22.1 References: https://bugzilla.suse.com/1159973 From sle-updates at lists.suse.com Wed Feb 19 07:16:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:16:27 +0100 (CET) Subject: SUSE-SU-2020:0411-1: moderate: Security update for ImageMagick Message-ID: <20200219141627.18DF3F798@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0411-1 Rating: moderate References: #1159861 #1160369 #1161194 Cross-References: CVE-2019-19948 CVE-2019-19949 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An 
update that solves two vulnerabilities and has one errata is now available. Description: This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Non-security issue fixed: - Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-411=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-411=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-411=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-411=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-411=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-411=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-411=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 libMagick++-6_Q16-3-6.8.8.1-71.141.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.141.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.141.1 ImageMagick-config-6-SUSE-6.8.8.1-71.141.1 ImageMagick-config-6-upstream-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 
libMagick++-6_Q16-3-6.8.8.1-71.141.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.141.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.141.1 ImageMagick-config-6-SUSE-6.8.8.1-71.141.1 ImageMagick-config-6-upstream-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 ImageMagick-devel-6.8.8.1-71.141.1 libMagick++-6_Q16-3-6.8.8.1-71.141.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.141.1 libMagick++-devel-6.8.8.1-71.141.1 perl-PerlMagick-6.8.8.1-71.141.1 perl-PerlMagick-debuginfo-6.8.8.1-71.141.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 ImageMagick-devel-6.8.8.1-71.141.1 libMagick++-6_Q16-3-6.8.8.1-71.141.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.141.1 libMagick++-devel-6.8.8.1-71.141.1 perl-PerlMagick-6.8.8.1-71.141.1 perl-PerlMagick-debuginfo-6.8.8.1-71.141.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.141.1 ImageMagick-config-6-upstream-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.141.1 libMagickWand-6_Q16-1-6.8.8.1-71.141.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.141.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.141.1 ImageMagick-config-6-upstream-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.141.1 libMagickWand-6_Q16-1-6.8.8.1-71.141.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.141.1 - SUSE Linux Enterprise Desktop 12-SP4 
(x86_64): ImageMagick-6.8.8.1-71.141.1 ImageMagick-config-6-SUSE-6.8.8.1-71.141.1 ImageMagick-config-6-upstream-6.8.8.1-71.141.1 ImageMagick-debuginfo-6.8.8.1-71.141.1 ImageMagick-debugsource-6.8.8.1-71.141.1 libMagick++-6_Q16-3-6.8.8.1-71.141.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.141.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.141.1 libMagickWand-6_Q16-1-6.8.8.1-71.141.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.141.1 References: https://www.suse.com/security/cve/CVE-2019-19948.html https://www.suse.com/security/cve/CVE-2019-19949.html https://bugzilla.suse.com/1159861 https://bugzilla.suse.com/1160369 https://bugzilla.suse.com/1161194 From sle-updates at lists.suse.com Wed Feb 19 07:17:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:17:26 +0100 (CET) Subject: SUSE-RU-2020:0414-1: moderate: Recommended update for gdm Message-ID: <20200219141726.0B5ABF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0414-1 Rating: moderate References: #1098063 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Make gdm ready to support transactional updates (bsc#1098063) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-414=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-414=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): gdm-branding-upstream-3.26.2.1-13.33.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.33.1 gdm-debuginfo-3.26.2.1-13.33.1 gdm-debugsource-3.26.2.1-13.33.1 gdm-devel-3.26.2.1-13.33.1 libgdm1-3.26.2.1-13.33.1 libgdm1-debuginfo-3.26.2.1-13.33.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.33.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gdm-lang-3.26.2.1-13.33.1 gdmflexiserver-3.26.2.1-13.33.1 References: https://bugzilla.suse.com/1098063 From sle-updates at lists.suse.com Wed Feb 19 07:18:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:18:09 +0100 (CET) Subject: SUSE-RU-2020:0415-1: moderate: Recommended update for yast2-update Message-ID: <20200219141809.690EAF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0415-1 Rating: moderate References: #1158914 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-update fixes the following issues: - In case of aborting upgrade procedure the old settings (e.g. RPM database) are stored. 
(bsc#1158914) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-415=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-415=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-update-FACTORY-4.1.12-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-update-4.1.12-3.9.2 References: https://bugzilla.suse.com/1158914 From sle-updates at lists.suse.com Wed Feb 19 07:18:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:18:51 +0100 (CET) Subject: SUSE-RU-2020:0416-1: moderate: Recommended update for python-configshell Message-ID: <20200219141851.C131DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-configshell ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0416-1 Rating: moderate References: #1143852 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-configshell fixes the following issues: - Fix non-interactive sessions, which may require further inputs through readline. (bsc#1143852) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-416=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-416=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python-configshell-1.6-3.3.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-configshell-1.6-3.3.2 References: https://bugzilla.suse.com/1143852 From sle-updates at lists.suse.com Wed Feb 19 07:19:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:19:34 +0100 (CET) Subject: SUSE-SU-2020:0412-1: moderate: Security update for dpdk Message-ID: <20200219141934.1A12EF798@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0412-1 Rating: moderate References: #1151455 #1156146 #1157179 Cross-References: CVE-2019-14818 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dpdk to version 18.11.3 fixes the following issues: dpdk was updated to 18.11.3 Security issue fixed: - CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to denial of service (bsc#1156146). Other issues addressed: - Changed to multibuild (bsc#1151455). - Fixed a regression caused by loading old version drivers (bsc#1157179). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-412=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-412=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.3-3.6.1 dpdk-debugsource-18.11.3-3.6.1 dpdk-devel-18.11.3-3.6.1 dpdk-devel-debuginfo-18.11.3-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): dpdk-thunderx-debuginfo-18.11.3-3.6.1 dpdk-thunderx-debugsource-18.11.3-3.6.1 dpdk-thunderx-devel-18.11.3-3.6.1 dpdk-thunderx-devel-debuginfo-18.11.3-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): dpdk-18.11.3-3.6.1 dpdk-debuginfo-18.11.3-3.6.1 dpdk-debugsource-18.11.3-3.6.1 dpdk-tools-18.11.3-3.6.1 dpdk-tools-debuginfo-18.11.3-3.6.1 libdpdk-18_11-18.11.3-3.6.1 libdpdk-18_11-debuginfo-18.11.3-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): dpdk-thunderx-18.11.3-3.6.1 dpdk-thunderx-debuginfo-18.11.3-3.6.1 dpdk-thunderx-debugsource-18.11.3-3.6.1 dpdk-thunderx-kmp-default-18.11.3_k4.12.14_122.12-3.6.1 dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_122.12-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): dpdk-kmp-default-18.11.3_k4.12.14_122.12-3.6.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_122.12-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-14818.html https://bugzilla.suse.com/1151455 https://bugzilla.suse.com/1156146 https://bugzilla.suse.com/1157179 From sle-updates at lists.suse.com Wed Feb 19 07:20:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:20:35 +0100 (CET) Subject: SUSE-SU-2020:0410-1: important: Security update for wicked Message-ID: <20200219142035.35542F798@maintenance.suse.de> SUSE Security Update: Security update for wicked ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2020:0410-1 Rating: important References: #1160903 #1160904 #1160905 #1160906 Cross-References: CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-410=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-410=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-410=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-410=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-410=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-410=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-410=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-410=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-410=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-410=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-410=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE OpenStack Cloud 8 (x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE OpenStack Cloud 7 (s390x x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - SUSE CaaS Platform 3.0 (x86_64): wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 - HPE Helion Openstack 8 (x86_64): 
wicked-0.6.60-38.27.1 wicked-debuginfo-0.6.60-38.27.1 wicked-debugsource-0.6.60-38.27.1 wicked-service-0.6.60-38.27.1 References: https://www.suse.com/security/cve/CVE-2019-18902.html https://www.suse.com/security/cve/CVE-2019-18903.html https://www.suse.com/security/cve/CVE-2020-7216.html https://www.suse.com/security/cve/CVE-2020-7217.html https://bugzilla.suse.com/1160903 https://bugzilla.suse.com/1160904 https://bugzilla.suse.com/1160905 https://bugzilla.suse.com/1160906 From sle-updates at lists.suse.com Wed Feb 19 07:21:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:21:42 +0100 (CET) Subject: SUSE-RU-2020:0417-1: moderate: Recommended update for chrony Message-ID: <20200219142142.CCE8FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0417-1 Rating: moderate References: #1159840 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for chrony fixes the following issues: - Fix "make check" builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-417=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): chrony-3.2-9.9.1 chrony-debuginfo-3.2-9.9.1 chrony-debugsource-3.2-9.9.1 References: https://bugzilla.suse.com/1159840 From sle-updates at lists.suse.com Wed Feb 19 07:22:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 15:22:24 +0100 (CET) Subject: SUSE-SU-2020:0407-1: important: Security update for sudo Message-ID: <20200219142224.1501FF798@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0407-1 Rating: important References: #1162202 Cross-References: CVE-2019-18634 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issue: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-407=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-407=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-407=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-407=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): sudo-1.8.10p3-10.26.1 sudo-debuginfo-1.8.10p3-10.26.1 sudo-debugsource-1.8.10p3-10.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): sudo-1.8.10p3-10.26.1 sudo-debuginfo-1.8.10p3-10.26.1 sudo-debugsource-1.8.10p3-10.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-10.26.1 sudo-debuginfo-1.8.10p3-10.26.1 sudo-debugsource-1.8.10p3-10.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.26.1 sudo-debuginfo-1.8.10p3-10.26.1 sudo-debugsource-1.8.10p3-10.26.1 References: https://www.suse.com/security/cve/CVE-2019-18634.html https://bugzilla.suse.com/1162202 From sle-updates at lists.suse.com Wed Feb 19 10:11:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 18:11:37 +0100 (CET) Subject: SUSE-RU-2020:0418-1: moderate: Recommended update for openssl-1_1 Message-ID: <20200219171137.54632F796@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0418-1 Rating: moderate References: #1163569 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_1 fixes the following issues: - FIPS: Fixed wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-418=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-418=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-418=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-418=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-418=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-418=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-4.36.1 libopenssl1_1-1.1.0i-4.36.1 libopenssl1_1-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-1.1.0i-4.36.1 openssl-1_1-1.1.0i-4.36.1 openssl-1_1-debuginfo-1.1.0i-4.36.1 openssl-1_1-debugsource-1.1.0i-4.36.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-32bit-1.1.0i-4.36.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-4.36.1 libopenssl1_1-1.1.0i-4.36.1 libopenssl1_1-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-1.1.0i-4.36.1 openssl-1_1-1.1.0i-4.36.1 openssl-1_1-debuginfo-1.1.0i-4.36.1 openssl-1_1-debugsource-1.1.0i-4.36.1 - SUSE Linux Enterprise Module for Open 
Buildservice Development Tools 15 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-4.36.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_1-doc-1.1.0i-4.36.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-4.36.1 libopenssl1_1-1.1.0i-4.36.1 libopenssl1_1-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-1.1.0i-4.36.1 openssl-1_1-1.1.0i-4.36.1 openssl-1_1-debuginfo-1.1.0i-4.36.1 openssl-1_1-debugsource-1.1.0i-4.36.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-4.36.1 libopenssl1_1-32bit-1.1.0i-4.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-32bit-1.1.0i-4.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.36.1 libopenssl1_1-1.1.0i-4.36.1 libopenssl1_1-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-1.1.0i-4.36.1 openssl-1_1-1.1.0i-4.36.1 openssl-1_1-debuginfo-1.1.0i-4.36.1 openssl-1_1-debugsource-1.1.0i-4.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-4.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-32bit-1.1.0i-4.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.36.1 libopenssl1_1-1.1.0i-4.36.1 libopenssl1_1-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-1.1.0i-4.36.1 openssl-1_1-1.1.0i-4.36.1 openssl-1_1-debuginfo-1.1.0i-4.36.1 openssl-1_1-debugsource-1.1.0i-4.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-4.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.36.1 libopenssl1_1-hmac-32bit-1.1.0i-4.36.1 References: https://bugzilla.suse.com/1163569 From sle-updates at lists.suse.com Wed Feb 19 10:12:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 18:12:16 +0100 (CET) Subject: SUSE-SU-2020:0420-1: moderate: Security 
update for slurm Message-ID: <20200219171216.B6DA6F796@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0420-1 Rating: moderate References: #1159692 Cross-References: CVE-2019-19728 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm fixes the following issues: - CVE-2019-19728: Fixed a privilege escalation with srun (bsc#1159692). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2020-420=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.11-6.39.1 libpmi0-debuginfo-17.02.11-6.39.1 libslurm31-17.02.11-6.39.1 libslurm31-debuginfo-17.02.11-6.39.1 perl-slurm-17.02.11-6.39.1 perl-slurm-debuginfo-17.02.11-6.39.1 slurm-17.02.11-6.39.1 slurm-auth-none-17.02.11-6.39.1 slurm-auth-none-debuginfo-17.02.11-6.39.1 slurm-config-17.02.11-6.39.1 slurm-debuginfo-17.02.11-6.39.1 slurm-debugsource-17.02.11-6.39.1 slurm-devel-17.02.11-6.39.1 slurm-doc-17.02.11-6.39.1 slurm-lua-17.02.11-6.39.1 slurm-lua-debuginfo-17.02.11-6.39.1 slurm-munge-17.02.11-6.39.1 slurm-munge-debuginfo-17.02.11-6.39.1 slurm-pam_slurm-17.02.11-6.39.1 slurm-pam_slurm-debuginfo-17.02.11-6.39.1 slurm-plugins-17.02.11-6.39.1 slurm-plugins-debuginfo-17.02.11-6.39.1 slurm-sched-wiki-17.02.11-6.39.1 slurm-slurmdb-direct-17.02.11-6.39.1 slurm-slurmdbd-17.02.11-6.39.1 slurm-slurmdbd-debuginfo-17.02.11-6.39.1 slurm-sql-17.02.11-6.39.1 slurm-sql-debuginfo-17.02.11-6.39.1 slurm-torque-17.02.11-6.39.1 slurm-torque-debuginfo-17.02.11-6.39.1 
References: https://www.suse.com/security/cve/CVE-2019-19728.html https://bugzilla.suse.com/1159692 From sle-updates at lists.suse.com Wed Feb 19 10:12:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 18:12:57 +0100 (CET) Subject: SUSE-RU-2020:0337-2: moderate: Recommended update for python-rpm-macros Message-ID: <20200219171257.957BFF796@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0337-2 Rating: moderate References: #1161770 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-337=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-337=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-337=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-337=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-337=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-337=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-337=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-337=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-337=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-337=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-337=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE OpenStack Cloud 8 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE OpenStack Cloud 7 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - SUSE Enterprise Storage 5 (noarch): python-rpm-macros-20200117.8e39013-3.13.1 - HPE Helion Openstack 8 (noarch): 
python-rpm-macros-20200117.8e39013-3.13.1 References: https://bugzilla.suse.com/1161770 From sle-updates at lists.suse.com Wed Feb 19 10:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 18:13:42 +0100 (CET) Subject: SUSE-SU-2020:0419-1: moderate: Security update for dnsmasq Message-ID: <20200219171342.06CD0F796@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0419-1 Rating: moderate References: #1138743 #1154849 Cross-References: CVE-2019-14834 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation (bsc#1154849) Other issue addressed: - Removed cache size limit (bsc#1138743). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-419=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-419=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-419=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-419=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-419=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-419=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-419=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-419=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-419=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 dnsmasq-utils-2.78-18.12.1 dnsmasq-utils-debuginfo-2.78-18.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 dnsmasq-utils-2.78-18.12.1 dnsmasq-utils-debuginfo-2.78-18.12.1 - SUSE OpenStack Cloud 9 (x86_64): dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 dnsmasq-utils-2.78-18.12.1 dnsmasq-utils-debuginfo-2.78-18.12.1 - SUSE OpenStack Cloud 8 (x86_64): dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 dnsmasq-utils-2.78-18.12.1 dnsmasq-utils-debuginfo-2.78-18.12.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 dnsmasq-utils-2.78-18.12.1 dnsmasq-utils-debuginfo-2.78-18.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.12.1 dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.12.1 dnsmasq-debuginfo-2.78-18.12.1 
dnsmasq-debugsource-2.78-18.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dnsmasq-2.78-18.12.1 dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 - HPE Helion Openstack 8 (x86_64): dnsmasq-debuginfo-2.78-18.12.1 dnsmasq-debugsource-2.78-18.12.1 dnsmasq-utils-2.78-18.12.1 dnsmasq-utils-debuginfo-2.78-18.12.1 References: https://www.suse.com/security/cve/CVE-2019-14834.html https://bugzilla.suse.com/1138743 https://bugzilla.suse.com/1154849 From sle-updates at lists.suse.com Wed Feb 19 10:14:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 18:14:36 +0100 (CET) Subject: SUSE-RU-2020:0421-1: moderate: Recommended update for postgresql Message-ID: <20200219171436.465DEF796@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0421-1 Rating: moderate References: #1159335 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql fixes the following issues: - Fix an error in the creation of /var/lib/pgsql/.bash_profile with the tmpfiles mechanism. (bsc#1159335) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-421=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-421=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-421=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql-contrib-10-8.6.1 postgresql-devel-10-8.6.1 postgresql-docs-10-8.6.1 postgresql-plperl-10-8.6.1 postgresql-plpython-10-8.6.1 postgresql-pltcl-10-8.6.1 postgresql-server-10-8.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): postgresql-test-10-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postgresql-10-8.6.1 References: https://bugzilla.suse.com/1159335 From sle-updates at lists.suse.com Wed Feb 19 11:35:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 19:35:56 +0100 (CET) Subject: SUSE-CU-2020:56-1: Security update of suse/sles12sp4 Message-ID: <20200219183556.6B746F79E@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:56-1 Container Tags : suse/sles12sp4:26.137 , suse/sles12sp4:latest Container Release : 26.137 Severity : moderate Type : security References : 1114592 1135254 1141897 1142649 1142654 1148517 1149145 CVE-2019-14250 CVE-2019-15847 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:394-1 Released: Tue Feb 18 14:08:00 2020 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847 Description: This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. 
(bsc#1141897) From sle-updates at lists.suse.com Wed Feb 19 11:40:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 19:40:23 +0100 (CET) Subject: SUSE-CU-2020:57-1: Security update of suse/sles12sp3 Message-ID: <20200219184023.2A208F79E@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:57-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.109 , suse/sles12sp3:latest Container Release : 24.109 Severity : moderate Type : security References : 1114592 1135254 1141897 1142649 1142654 1148517 1149145 CVE-2019-14250 CVE-2019-15847 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:394-1 Released: Tue Feb 18 14:08:00 2020 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847 Description: This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. 
(bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) From sle-updates at lists.suse.com Wed Feb 19 11:29:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 19:29:09 +0100 (CET) Subject: SUSE-CU-2020:55-1: Security update of suse/sles12sp5 Message-ID: <20200219182909.1CB0BFC56@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:55-1 Container Tags : suse/sles12sp5:5.2.289 , suse/sles12sp5:latest Container Release : 5.2.289 Severity : moderate Type : security References : 1114592 1135254 1141897 1142649 1142654 1148517 1149145 CVE-2019-14250 CVE-2019-15847 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:394-1 Released: Tue Feb 18 14:08:00 2020 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847 Description: This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. 
Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) From sle-updates at lists.suse.com Wed Feb 19 13:11:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Feb 2020 21:11:08 +0100 (CET) Subject: SUSE-SU-2020:0424-1: moderate: Security update for rsyslog Message-ID: <20200219201108.C6983F798@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0424-1 Rating: moderate References: #1015203 #1022804 #1153451 #1153459 Cross-References: CVE-2019-17041 CVE-2019-17042 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Non-security issues fixed: - Handle multiline messages correctly when using the imfile module. (bsc#1015203) - Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shut down properly. (bsc#1022804) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-424=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-424=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): rsyslog-8.4.0-13.8.1 rsyslog-debuginfo-8.4.0-13.8.1 rsyslog-debugsource-8.4.0-13.8.1 rsyslog-diag-tools-8.4.0-13.8.1 rsyslog-diag-tools-debuginfo-8.4.0-13.8.1 rsyslog-doc-8.4.0-13.8.1 rsyslog-module-gssapi-8.4.0-13.8.1 rsyslog-module-gssapi-debuginfo-8.4.0-13.8.1 rsyslog-module-gtls-8.4.0-13.8.1 rsyslog-module-gtls-debuginfo-8.4.0-13.8.1 rsyslog-module-mysql-8.4.0-13.8.1 rsyslog-module-mysql-debuginfo-8.4.0-13.8.1 rsyslog-module-pgsql-8.4.0-13.8.1 rsyslog-module-pgsql-debuginfo-8.4.0-13.8.1 rsyslog-module-relp-8.4.0-13.8.1 rsyslog-module-relp-debuginfo-8.4.0-13.8.1 rsyslog-module-snmp-8.4.0-13.8.1 rsyslog-module-snmp-debuginfo-8.4.0-13.8.1 rsyslog-module-udpspoof-8.4.0-13.8.1 rsyslog-module-udpspoof-debuginfo-8.4.0-13.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): rsyslog-8.4.0-13.8.1 rsyslog-debuginfo-8.4.0-13.8.1 rsyslog-debugsource-8.4.0-13.8.1 rsyslog-diag-tools-8.4.0-13.8.1 rsyslog-diag-tools-debuginfo-8.4.0-13.8.1 rsyslog-doc-8.4.0-13.8.1 rsyslog-module-gssapi-8.4.0-13.8.1 rsyslog-module-gssapi-debuginfo-8.4.0-13.8.1 rsyslog-module-gtls-8.4.0-13.8.1 rsyslog-module-gtls-debuginfo-8.4.0-13.8.1 rsyslog-module-mysql-8.4.0-13.8.1 rsyslog-module-mysql-debuginfo-8.4.0-13.8.1 rsyslog-module-pgsql-8.4.0-13.8.1 rsyslog-module-pgsql-debuginfo-8.4.0-13.8.1 rsyslog-module-relp-8.4.0-13.8.1 rsyslog-module-relp-debuginfo-8.4.0-13.8.1 rsyslog-module-snmp-8.4.0-13.8.1 rsyslog-module-snmp-debuginfo-8.4.0-13.8.1 rsyslog-module-udpspoof-8.4.0-13.8.1 rsyslog-module-udpspoof-debuginfo-8.4.0-13.8.1 References: https://www.suse.com/security/cve/CVE-2019-17041.html https://www.suse.com/security/cve/CVE-2019-17042.html 
https://bugzilla.suse.com/1015203 https://bugzilla.suse.com/1022804 https://bugzilla.suse.com/1153451 https://bugzilla.suse.com/1153459 From sle-updates at lists.suse.com Thu Feb 20 03:15:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 11:15:01 +0100 (CET) Subject: SUSE-CU-2020:58-1: Recommended update of suse/sle15 Message-ID: <20200220101501.48147F798@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:58-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.149 Container Release : 4.22.149 Severity : moderate Type : recommended References : 1163569 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:418-1 Released: Wed Feb 19 13:23:13 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1163569 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Fixed wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) From sle-updates at lists.suse.com Thu Feb 20 03:17:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 11:17:08 +0100 (CET) Subject: SUSE-CU-2020:59-1: Recommended update of suse/sles12sp5 Message-ID: <20200220101708.50FE1F798@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:59-1 Container Tags : suse/sles12sp5:5.2.291 , suse/sles12sp5:latest Container Release : 5.2.291 Severity : moderate Type : recommended References : 1154871 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:404-1 Released: Wed Feb 19 09:05:47 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1154871 Description: This update for p11-kit fixes the following issues: - Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871) From sle-updates at lists.suse.com Thu Feb 20 03:23:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 11:23:36 +0100 (CET) Subject: SUSE-CU-2020:60-1: Recommended update of suse/sles12sp4 Message-ID: <20200220102336.CAE45F798@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:60-1 Container Tags : suse/sles12sp4:26.139 , suse/sles12sp4:latest Container Release : 26.139 Severity : moderate Type : recommended References : 1154871 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:404-1 Released: Wed Feb 19 09:05:47 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1154871 Description: This update for p11-kit fixes the following issues: - Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. 
(bsc#1154871) From sle-updates at lists.suse.com Thu Feb 20 03:28:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 11:28:16 +0100 (CET) Subject: SUSE-CU-2020:61-1: Recommended update of suse/sles12sp3 Message-ID: <20200220102816.54FF6F798@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:61-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.110 , suse/sles12sp3:latest Container Release : 24.110 Severity : moderate Type : recommended References : 1154871 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:404-1 Released: Wed Feb 19 09:05:47 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1154871 Description: This update for p11-kit fixes the following issues: - Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. 
(bsc#1154871) From sle-updates at lists.suse.com Thu Feb 20 04:11:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 12:11:48 +0100 (CET) Subject: SUSE-RU-2020:0425-1: moderate: Recommended update for openmpi3 Message-ID: <20200220111148.D9EC9F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openmpi3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0425-1 Rating: moderate References: #1047218 #1074890 #1078364 #1080259 #1084909 #1086821 #1091714 #1098653 #1116458 #1125651 #1132949 #1155863 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for openmpi3 fixes the following issues: This update adds the openmpi3 libraries to the SUSE Linux Enterprise HPC Module. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-425=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libopenmpi3-gnu-hpc-3.1.4-3.3.8 libopenmpi_3_1_4-gnu-hpc-3.1.4-3.3.8 libopenmpi_3_1_4-gnu-hpc-debuginfo-3.1.4-3.3.8 openmpi3-gnu-hpc-3.1.4-3.3.8 openmpi3-gnu-hpc-devel-static-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-debuginfo-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-debugsource-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-devel-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-devel-debuginfo-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-devel-static-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-docs-3.1.4-3.3.8 openmpi_3_1_4-gnu-hpc-macros-devel-3.1.4-3.3.8 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): openmpi3-gnu-hpc-devel-3.1.4-3.3.8 openmpi3-gnu-hpc-docs-3.1.4-3.3.8 openmpi3-gnu-hpc-macros-devel-3.1.4-3.3.8 References: https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1074890 https://bugzilla.suse.com/1078364 https://bugzilla.suse.com/1080259 https://bugzilla.suse.com/1084909 https://bugzilla.suse.com/1086821 https://bugzilla.suse.com/1091714 https://bugzilla.suse.com/1098653 https://bugzilla.suse.com/1116458 https://bugzilla.suse.com/1125651 https://bugzilla.suse.com/1132949 https://bugzilla.suse.com/1155863 From sle-updates at lists.suse.com Thu Feb 20 07:11:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 15:11:20 +0100 (CET) Subject: SUSE-SU-2020:0427-1: important: Security update for nodejs10 Message-ID: <20200220141120.BE20EF798@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0427-1 Rating: important References: #1163102 #1163103 #1163104 Cross-References: CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 Affected Products: SUSE Linux Enterprise 
Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-427=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.19.0-1.18.1 References: https://www.suse.com/security/cve/CVE-2019-15604.html https://www.suse.com/security/cve/CVE-2019-15605.html https://www.suse.com/security/cve/CVE-2019-15606.html https://bugzilla.suse.com/1163102 https://bugzilla.suse.com/1163103 https://bugzilla.suse.com/1163104 From sle-updates at lists.suse.com Thu Feb 20 07:12:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 15:12:18 +0100 (CET) Subject: SUSE-SU-2020:14286-1: important: Security update for java-1_7_0-ibm Message-ID: <20200220141218.2EB40F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14286-1 Rating: important References: #1160968 #1162972 Cross-References: CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-14286=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.60-65.48.1 java-1_7_0-ibm-alsa-1.7.0_sr10.60-65.48.1 java-1_7_0-ibm-devel-1.7.0_sr10.60-65.48.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.60-65.48.1 java-1_7_0-ibm-plugin-1.7.0_sr10.60-65.48.1 References: https://www.suse.com/security/cve/CVE-2020-2583.html https://www.suse.com/security/cve/CVE-2020-2593.html https://www.suse.com/security/cve/CVE-2020-2604.html https://www.suse.com/security/cve/CVE-2020-2659.html https://bugzilla.suse.com/1160968 https://bugzilla.suse.com/1162972 From sle-updates at lists.suse.com Thu Feb 20 10:11:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Feb 2020 18:11:26 +0100 (CET) Subject: SUSE-SU-2020:0429-1: important: Security update for nodejs12 Message-ID: <20200220171126.D0D27F798@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0429-1 Rating: important References: #1159352 #1163102 #1163103 #1163104 Cross-References: CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.15.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). 
- CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). - CVE-2019-16775: Fixed an arbitrary file write vulnerability (bsc#1159352). - CVE-2019-16776: Fixed an arbitrary file write vulnerability (bsc#1159352). - CVE-2019-16777: Fixed an arbitrary file write vulnerability (bsc#1159352). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-429=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.15.0-1.6.1 nodejs12-debuginfo-12.15.0-1.6.1 nodejs12-debugsource-12.15.0-1.6.1 nodejs12-devel-12.15.0-1.6.1 npm12-12.15.0-1.6.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.15.0-1.6.1 References: https://www.suse.com/security/cve/CVE-2019-15604.html https://www.suse.com/security/cve/CVE-2019-15605.html https://www.suse.com/security/cve/CVE-2019-15606.html https://www.suse.com/security/cve/CVE-2019-16775.html https://www.suse.com/security/cve/CVE-2019-16776.html https://www.suse.com/security/cve/CVE-2019-16777.html https://bugzilla.suse.com/1159352 https://bugzilla.suse.com/1163102 https://bugzilla.suse.com/1163103 https://bugzilla.suse.com/1163104 From sle-updates at lists.suse.com Fri Feb 21 10:12:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Feb 2020 18:12:12 +0100 (CET) Subject: SUSE-SU-2020:14287-1: important: Security update for java-1_7_1-ibm Message-ID: <20200221171212.1520FF798@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14287-1 Rating: important References: #1160968 #1162972 
Cross-References: CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14287=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-26.50.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-26.50.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-26.50.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-26.50.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-26.50.1 References: https://www.suse.com/security/cve/CVE-2020-2583.html https://www.suse.com/security/cve/CVE-2020-2593.html https://www.suse.com/security/cve/CVE-2020-2604.html https://www.suse.com/security/cve/CVE-2020-2659.html https://bugzilla.suse.com/1160968 https://bugzilla.suse.com/1162972 From sle-updates at lists.suse.com Fri Feb 21 10:12:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Feb 2020 18:12:58 +0100 (CET) Subject: SUSE-RU-2020:0430-1: moderate: Recommended update for pesign-obs-integration Message-ID: <20200221171258.DA8DEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0430-1 Rating: moderate References: #1163524 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign-obs-integration fixes the following issues: - sign stage3.bin from s390-tools with sign-files to enable secure boot for IBM zSeries (bsc#1163524) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-430=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): pesign-obs-integration-10.1-3.6.1 References: https://bugzilla.suse.com/1163524 From sle-updates at lists.suse.com Fri Feb 21 10:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Feb 2020 18:13:37 +0100 (CET) Subject: SUSE-RU-2020:0431-1: moderate: Recommended update for raspberrypi-firmware, u-boot Message-ID: <20200221171337.D8C7FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for raspberrypi-firmware, u-boot ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0431-1 Rating: moderate References: #1088356 #1157822 #1160566 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for raspberrypi-firmware, u-boot fixes the following issues: The raspberrypi-firmware was updated to 6e4a7232c (2019-11-19): - Added support for CM3+ (bsc#1157822) - Allow user defined config options (bsc#1088356) - Move HDMI workaround to rpi3 section (fixes RPi2 HDMI output) The u-boot bootloader was updated: - Fixed the USB keyboard in grub on the Raspberry Pi (bsc#1160566): - Added support for Raspberry Pi Compute Module 3+ (bsc#1157822) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-431=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-431=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): u-boot-bananapim64-2019.01-7.6.1 u-boot-bananapim64-doc-2019.01-7.6.1 u-boot-dragonboard410c-2019.01-7.6.1 u-boot-dragonboard410c-doc-2019.01-7.6.1 u-boot-dragonboard820c-2019.01-7.6.1 u-boot-dragonboard820c-doc-2019.01-7.6.1 u-boot-evb-rk3399-2019.01-7.6.1 u-boot-evb-rk3399-doc-2019.01-7.6.1 u-boot-firefly-rk3399-2019.01-7.6.1 u-boot-firefly-rk3399-doc-2019.01-7.6.1 u-boot-geekbox-2019.01-7.6.1 u-boot-geekbox-doc-2019.01-7.6.1 u-boot-hikey-2019.01-7.6.1 u-boot-hikey-doc-2019.01-7.6.1 u-boot-khadas-vim-2019.01-7.6.1 u-boot-khadas-vim-doc-2019.01-7.6.1 u-boot-khadas-vim2-2019.01-7.6.1 u-boot-khadas-vim2-doc-2019.01-7.6.1 u-boot-ls1012afrdmqspi-2019.01-7.6.1 u-boot-ls1012afrdmqspi-doc-2019.01-7.6.1 u-boot-mvebudb-88f3720-2019.01-7.6.1 u-boot-mvebudb-88f3720-doc-2019.01-7.6.1 u-boot-mvebudbarmada8k-2019.01-7.6.1 u-boot-mvebudbarmada8k-doc-2019.01-7.6.1 u-boot-mvebuespressobin-88f3720-2019.01-7.6.1 u-boot-mvebuespressobin-88f3720-doc-2019.01-7.6.1 u-boot-mvebumcbin-88f8040-2019.01-7.6.1 u-boot-mvebumcbin-88f8040-doc-2019.01-7.6.1 u-boot-nanopia64-2019.01-7.6.1 u-boot-nanopia64-doc-2019.01-7.6.1 u-boot-odroid-c2-2019.01-7.6.1 u-boot-odroid-c2-doc-2019.01-7.6.1 u-boot-orangepipc2-2019.01-7.6.1 u-boot-orangepipc2-doc-2019.01-7.6.1 u-boot-p2371-2180-2019.01-7.6.1 u-boot-p2371-2180-doc-2019.01-7.6.1 u-boot-p2771-0000-500-2019.01-7.6.1 u-boot-p2771-0000-500-doc-2019.01-7.6.1 u-boot-pine64plus-2019.01-7.6.1 u-boot-pine64plus-doc-2019.01-7.6.1 u-boot-pinebook-2019.01-7.6.1 u-boot-pinebook-doc-2019.01-7.6.1 u-boot-pineh64-2019.01-7.6.1 
u-boot-pineh64-doc-2019.01-7.6.1 u-boot-poplar-2019.01-7.6.1 u-boot-poplar-doc-2019.01-7.6.1 u-boot-rock960-rk3399-2019.01-7.6.1 u-boot-rock960-rk3399-doc-2019.01-7.6.1 u-boot-rpi3-doc-2019.01-7.6.1 u-boot-xilinxzynqmpgeneric-2019.01-7.6.1 u-boot-xilinxzynqmpgeneric-doc-2019.01-7.6.1 u-boot-xilinxzynqmpzcu102rev10-2019.01-7.6.1 u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-7.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): raspberrypi-firmware-2019.11.19-8.3.1 raspberrypi-firmware-config-2019.11.19-8.3.1 raspberrypi-firmware-extra-2019.11.19-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): u-boot-tools-2019.01-7.6.1 u-boot-tools-debuginfo-2019.01-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64): u-boot-rpi3-2019.01-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): raspberrypi-firmware-2019.11.19-8.3.1 raspberrypi-firmware-config-2019.11.19-8.3.1 References: https://bugzilla.suse.com/1088356 https://bugzilla.suse.com/1157822 https://bugzilla.suse.com/1160566 From sle-updates at lists.suse.com Fri Feb 21 10:14:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Feb 2020 18:14:35 +0100 (CET) Subject: SUSE-SU-2020:0432-1: moderate: Security update for libsolv, libzypp, zypper Message-ID: <20200221171435.D5B6DF798@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0432-1 Rating: moderate References: #1135114 #1154804 #1154805 #1155198 #1155205 #1155298 #1155678 #1155819 #1156158 #1157377 #1158763 Cross-References: CVE-2019-18900 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module 
for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. Description: This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales. If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-432=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-432=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-432=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-432=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.10-3.13.4 libsolv-debugsource-0.7.10-3.13.4 python-solv-0.7.10-3.13.4 python-solv-debuginfo-0.7.10-3.13.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.10-3.13.4 libsolv-debugsource-0.7.10-3.13.4 libsolv-demo-0.7.10-3.13.4 libsolv-demo-debuginfo-0.7.10-3.13.4 libzypp-debuginfo-17.19.0-3.14.5 libzypp-debugsource-17.19.0-3.14.5 libzypp-devel-doc-17.19.0-3.14.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): zypper-aptitude-1.14.33-3.13.5 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.10-3.13.4 libsolv-debugsource-0.7.10-3.13.4 perl-solv-0.7.10-3.13.4 perl-solv-debuginfo-0.7.10-3.13.4 ruby-solv-0.7.10-3.13.4 ruby-solv-debuginfo-0.7.10-3.13.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.10-3.13.4 libsolv-debugsource-0.7.10-3.13.4 libsolv-devel-0.7.10-3.13.4 libsolv-devel-debuginfo-0.7.10-3.13.4 libsolv-tools-0.7.10-3.13.4 libsolv-tools-debuginfo-0.7.10-3.13.4 libzypp-17.19.0-3.14.5 libzypp-debuginfo-17.19.0-3.14.5 libzypp-debugsource-17.19.0-3.14.5 libzypp-devel-17.19.0-3.14.5 
python3-solv-0.7.10-3.13.4 python3-solv-debuginfo-0.7.10-3.13.4 zypper-1.14.33-3.13.5 zypper-debuginfo-1.14.33-3.13.5 zypper-debugsource-1.14.33-3.13.5 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): zypper-log-1.14.33-3.13.5 zypper-needs-restarting-1.14.33-3.13.5 References: https://www.suse.com/security/cve/CVE-2019-18900.html https://bugzilla.suse.com/1135114 https://bugzilla.suse.com/1154804 https://bugzilla.suse.com/1154805 https://bugzilla.suse.com/1155198 https://bugzilla.suse.com/1155205 https://bugzilla.suse.com/1155298 https://bugzilla.suse.com/1155678 https://bugzilla.suse.com/1155819 https://bugzilla.suse.com/1156158 https://bugzilla.suse.com/1157377 https://bugzilla.suse.com/1158763 From sle-updates at lists.suse.com Fri Feb 21 13:12:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Feb 2020 21:12:17 +0100 (CET) Subject: SUSE-SU-2020:0434-1: moderate: Security update for pdsh, slurm_18_08 Message-ID: <20200221201217.D49E7F79E@maintenance.suse.de> SUSE Security Update: Security update for pdsh, slurm_18_08 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0434-1 Rating: moderate References: #1018371 #1065697 #1085240 #1095508 #1123304 #1140709 #1155784 #1158709 #1158798 #1159692 Cross-References: CVE-2016-10030 CVE-2017-15566 CVE-2018-10995 CVE-2018-7033 CVE-2019-12838 CVE-2019-19727 CVE-2019-19728 CVE-2019-6438 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for pdsh, slurm_18_08 fixes the following issues: Slurm was included in the 18.08 release, as "slurm_18_08" package. 
The version 18.08.9 contains all recent security fixes, including: - CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692). - CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784). pdsh was updated to: - Add support for an alternative SLURM version when building the slurm plugin. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2020-434=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0_18_08-18.08.9-3.5.1 libpmi0_18_08-debuginfo-18.08.9-3.5.1 libslurm33-18.08.9-3.5.1 libslurm33-debuginfo-18.08.9-3.5.1 pdsh-2.33-7.18.1 pdsh-debuginfo-2.33-7.18.1 pdsh-debugsource-2.33-7.18.1 pdsh-dshgroup-2.33-7.18.1 pdsh-dshgroup-debuginfo-2.33-7.18.1 pdsh-genders-2.33-7.18.1 pdsh-genders-debuginfo-2.33-7.18.1 pdsh-machines-2.33-7.18.1 pdsh-machines-debuginfo-2.33-7.18.1 pdsh-netgroup-2.33-7.18.1 pdsh-netgroup-debuginfo-2.33-7.18.1 pdsh-slurm-2.33-7.18.1 pdsh-slurm-debuginfo-2.33-7.18.1 pdsh-slurm_18_08-2.33-7.18.1 pdsh-slurm_18_08-debuginfo-2.33-7.18.1 perl-slurm_18_08-18.08.9-3.5.1 perl-slurm_18_08-debuginfo-18.08.9-3.5.1 slurm_18_08-18.08.9-3.5.1 slurm_18_08-auth-none-18.08.9-3.5.1 slurm_18_08-auth-none-debuginfo-18.08.9-3.5.1 slurm_18_08-config-18.08.9-3.5.1 slurm_18_08-debuginfo-18.08.9-3.5.1 slurm_18_08-debugsource-18.08.9-3.5.1 slurm_18_08-devel-18.08.9-3.5.1 slurm_18_08-doc-18.08.9-3.5.1 slurm_18_08-lua-18.08.9-3.5.1 slurm_18_08-lua-debuginfo-18.08.9-3.5.1 slurm_18_08-munge-18.08.9-3.5.1 slurm_18_08-munge-debuginfo-18.08.9-3.5.1 slurm_18_08-node-18.08.9-3.5.1 slurm_18_08-node-debuginfo-18.08.9-3.5.1 slurm_18_08-pam_slurm-18.08.9-3.5.1 slurm_18_08-pam_slurm-debuginfo-18.08.9-3.5.1 slurm_18_08-plugins-18.08.9-3.5.1 
slurm_18_08-plugins-debuginfo-18.08.9-3.5.1 slurm_18_08-slurmdbd-18.08.9-3.5.1 slurm_18_08-slurmdbd-debuginfo-18.08.9-3.5.1 slurm_18_08-sql-18.08.9-3.5.1 slurm_18_08-sql-debuginfo-18.08.9-3.5.1 slurm_18_08-torque-18.08.9-3.5.1 slurm_18_08-torque-debuginfo-18.08.9-3.5.1 References: https://www.suse.com/security/cve/CVE-2016-10030.html https://www.suse.com/security/cve/CVE-2017-15566.html https://www.suse.com/security/cve/CVE-2018-10995.html https://www.suse.com/security/cve/CVE-2018-7033.html https://www.suse.com/security/cve/CVE-2019-12838.html https://www.suse.com/security/cve/CVE-2019-19727.html https://www.suse.com/security/cve/CVE-2019-19728.html https://www.suse.com/security/cve/CVE-2019-6438.html https://bugzilla.suse.com/1018371 https://bugzilla.suse.com/1065697 https://bugzilla.suse.com/1085240 https://bugzilla.suse.com/1095508 https://bugzilla.suse.com/1123304 https://bugzilla.suse.com/1140709 https://bugzilla.suse.com/1155784 https://bugzilla.suse.com/1158709 https://bugzilla.suse.com/1158798 https://bugzilla.suse.com/1159692 From sle-updates at lists.suse.com Sat Feb 22 11:28:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Feb 2020 19:28:55 +0100 (CET) Subject: SUSE-CU-2020:62-1: Security update of suse/sle15 Message-ID: <20200222182855.8C8AFFC56@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:62-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.162 Container Release : 6.2.162 Severity : moderate Type : security References : 1135114 1154804 1154805 1155198 1155205 1155298 1155678 1155819 1156158 1157377 1158763 CVE-2019-18900 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:432-1 Released: Fri Feb 21 14:34:16 2020 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: moderate References: 1135114,1154804,1154805,1155198,1155205,1155298,1155678,1155819,1156158,1157377,1158763,CVE-2019-18900 Description: This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales. If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). 
From sle-updates at lists.suse.com Mon Feb 24 07:11:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Feb 2020 15:11:26 +0100 (CET) Subject: SUSE-SU-2020:14289-1: moderate: Security update for php53 Message-ID: <20200224141126.608FCF798@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14289-1 Rating: moderate References: #1159922 #1159923 #1159924 #1159927 #1161982 #1162629 Cross-References: CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-20433 CVE-2020-7059 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for php53 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-php53-14289=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-php53-14289=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-14289=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-14289=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.79.1 php53-5.3.17-112.79.1 php53-bcmath-5.3.17-112.79.1 php53-bz2-5.3.17-112.79.1 php53-calendar-5.3.17-112.79.1 php53-ctype-5.3.17-112.79.1 php53-curl-5.3.17-112.79.1 php53-dba-5.3.17-112.79.1 php53-dom-5.3.17-112.79.1 php53-exif-5.3.17-112.79.1 php53-fastcgi-5.3.17-112.79.1 php53-fileinfo-5.3.17-112.79.1 php53-ftp-5.3.17-112.79.1 php53-gd-5.3.17-112.79.1 php53-gettext-5.3.17-112.79.1 php53-gmp-5.3.17-112.79.1 php53-iconv-5.3.17-112.79.1 php53-intl-5.3.17-112.79.1 php53-json-5.3.17-112.79.1 php53-ldap-5.3.17-112.79.1 php53-mbstring-5.3.17-112.79.1 php53-mcrypt-5.3.17-112.79.1 php53-mysql-5.3.17-112.79.1 php53-odbc-5.3.17-112.79.1 php53-openssl-5.3.17-112.79.1 php53-pcntl-5.3.17-112.79.1 php53-pdo-5.3.17-112.79.1 php53-pear-5.3.17-112.79.1 php53-pgsql-5.3.17-112.79.1 php53-pspell-5.3.17-112.79.1 php53-shmop-5.3.17-112.79.1 php53-snmp-5.3.17-112.79.1 php53-soap-5.3.17-112.79.1 php53-suhosin-5.3.17-112.79.1 php53-sysvmsg-5.3.17-112.79.1 php53-sysvsem-5.3.17-112.79.1 php53-sysvshm-5.3.17-112.79.1 php53-tokenizer-5.3.17-112.79.1 php53-wddx-5.3.17-112.79.1 php53-xmlreader-5.3.17-112.79.1 php53-xmlrpc-5.3.17-112.79.1 php53-xmlwriter-5.3.17-112.79.1 php53-xsl-5.3.17-112.79.1 php53-zip-5.3.17-112.79.1 php53-zlib-5.3.17-112.79.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_php53-5.3.17-112.79.1 php53-5.3.17-112.79.1 php53-bcmath-5.3.17-112.79.1 php53-bz2-5.3.17-112.79.1 php53-calendar-5.3.17-112.79.1 php53-ctype-5.3.17-112.79.1 
php53-curl-5.3.17-112.79.1 php53-dba-5.3.17-112.79.1 php53-dom-5.3.17-112.79.1 php53-exif-5.3.17-112.79.1 php53-fastcgi-5.3.17-112.79.1 php53-fileinfo-5.3.17-112.79.1 php53-ftp-5.3.17-112.79.1 php53-gd-5.3.17-112.79.1 php53-gettext-5.3.17-112.79.1 php53-gmp-5.3.17-112.79.1 php53-iconv-5.3.17-112.79.1 php53-intl-5.3.17-112.79.1 php53-json-5.3.17-112.79.1 php53-ldap-5.3.17-112.79.1 php53-mbstring-5.3.17-112.79.1 php53-mcrypt-5.3.17-112.79.1 php53-mysql-5.3.17-112.79.1 php53-odbc-5.3.17-112.79.1 php53-openssl-5.3.17-112.79.1 php53-pcntl-5.3.17-112.79.1 php53-pdo-5.3.17-112.79.1 php53-pear-5.3.17-112.79.1 php53-pgsql-5.3.17-112.79.1 php53-pspell-5.3.17-112.79.1 php53-shmop-5.3.17-112.79.1 php53-snmp-5.3.17-112.79.1 php53-soap-5.3.17-112.79.1 php53-suhosin-5.3.17-112.79.1 php53-sysvmsg-5.3.17-112.79.1 php53-sysvsem-5.3.17-112.79.1 php53-sysvshm-5.3.17-112.79.1 php53-tokenizer-5.3.17-112.79.1 php53-wddx-5.3.17-112.79.1 php53-xmlreader-5.3.17-112.79.1 php53-xmlrpc-5.3.17-112.79.1 php53-xmlwriter-5.3.17-112.79.1 php53-xsl-5.3.17-112.79.1 php53-zip-5.3.17-112.79.1 php53-zlib-5.3.17-112.79.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.79.1 php53-debugsource-5.3.17-112.79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): php53-debuginfo-5.3.17-112.79.1 php53-debugsource-5.3.17-112.79.1 References: https://www.suse.com/security/cve/CVE-2019-11045.html https://www.suse.com/security/cve/CVE-2019-11046.html https://www.suse.com/security/cve/CVE-2019-11047.html https://www.suse.com/security/cve/CVE-2019-11050.html https://www.suse.com/security/cve/CVE-2019-20433.html https://www.suse.com/security/cve/CVE-2020-7059.html https://bugzilla.suse.com/1159922 https://bugzilla.suse.com/1159923 https://bugzilla.suse.com/1159924 https://bugzilla.suse.com/1159927 https://bugzilla.suse.com/1161982 https://bugzilla.suse.com/1162629 From sle-updates at lists.suse.com Mon Feb 24 07:13:13 2020 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Mon, 24 Feb 2020 15:13:13 +0100 (CET) Subject: SUSE-RU-2020:0031-2: moderate: Recommended update for cloud-netconfig Message-ID: <20200224141313.64888F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0031-2 Rating: moderate References: #1135592 #1144282 #1157117 #1157190 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-netconfig contains the following fixes: - Removed obsolete Group tag from spec file. - Update to version 1.3: + Fix IPv4 address handling on secondary NICs in Azure. - Update to version 1.2: + support AWS IMDSv2 token. - Update to version 1.1: + fix use of GATEWAY variable. (bsc#1157117, bsc#1157190) + remove secondary IPv4 address only when added by cloud-netconfig. (bsc#1144282) + simplify routing setup for single NIC systems (partly fixes bsc#1135592) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-31=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-netconfig-azure-1.3-5.12.1 cloud-netconfig-ec2-1.3-5.12.1 References: https://bugzilla.suse.com/1135592 https://bugzilla.suse.com/1144282 https://bugzilla.suse.com/1157117 https://bugzilla.suse.com/1157190 From sle-updates at lists.suse.com Mon Feb 24 10:11:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Feb 2020 18:11:31 +0100 (CET) Subject: SUSE-SU-2020:14290-1: important: Security update for MozillaFirefox Message-ID: <20200224171131.86503F798@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14290-1 Rating: important References: #1161799 #1163368 Cross-References: CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR (bsc#1163368). Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process (bsc#1163368). - CVE-2020-6798: Fixed a JavaScript code injection issue caused by the incorrect parsing of template tags (bsc#1163368). - CVE-2020-6799: Fixed a local arbitrary code execution issue when handling PDF links from other applications (bsc#1163368). - CVE-2020-6800: Fixed several memory safety bugs (bsc#1163368). Non-security issues fixed: - Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14290=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-68.5.0-78.61.2 MozillaFirefox-translations-common-68.5.0-78.61.2 MozillaFirefox-translations-other-68.5.0-78.61.2 References: https://www.suse.com/security/cve/CVE-2020-6796.html https://www.suse.com/security/cve/CVE-2020-6797.html https://www.suse.com/security/cve/CVE-2020-6798.html https://www.suse.com/security/cve/CVE-2020-6799.html https://www.suse.com/security/cve/CVE-2020-6800.html https://bugzilla.suse.com/1161799 https://bugzilla.suse.com/1163368 From sle-updates at lists.suse.com Mon Feb 24 10:12:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Feb 2020 18:12:19 +0100 (CET) Subject: SUSE-SU-2020:0439-1: moderate: Security update for dpdk Message-ID: <20200224171219.2A69BF798@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0439-1 Rating: moderate References: #1151455 #1156146 #1157179 Cross-References: CVE-2019-14818 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dpdk to version 18.11.3 fixes the following issues: Security issue fixed: - CVE-2019-14818: Fixed a denial of service by a malicious container via the vhost-user socket (bsc#1156146). 
Non-security issue fixed: - Added current version to the PMD driver directory to avoid loading previous version drivers (bsc#1157179). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-439=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-439=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le x86_64): dpdk-18.11.3-4.3.1 dpdk-debuginfo-18.11.3-4.3.1 dpdk-debugsource-18.11.3-4.3.1 dpdk-devel-18.11.3-4.3.1 dpdk-devel-debuginfo-18.11.3-4.3.1 dpdk-kmp-default-18.11.3_k4.12.14_197.29-4.3.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_197.29-4.3.1 dpdk-tools-18.11.3-4.3.1 dpdk-tools-debuginfo-18.11.3-4.3.1 libdpdk-18_11-18.11.3-4.3.1 libdpdk-18_11-debuginfo-18.11.3-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.3-4.3.1 dpdk-debugsource-18.11.3-4.3.1 dpdk-examples-18.11.3-4.3.1 dpdk-examples-debuginfo-18.11.3-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): dpdk-doc-18.11.3-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-14818.html https://bugzilla.suse.com/1151455 https://bugzilla.suse.com/1156146 https://bugzilla.suse.com/1157179 From sle-updates at lists.suse.com Mon Feb 24 13:11:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Feb 2020 21:11:12 +0100 (CET) Subject: SUSE-RU-2020:0441-1: moderate: Recommended update for osinfo-db Message-ID: <20200224201112.3A90EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db 
______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0441-1 Rating: moderate References: #1086715 #1159445 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for osinfo-db fixes the following issues: - Update the database to version 20190805, remove superseded patches, add the official release date for SLE15-SP1 and SLE12-SP5, add support for SLE15-SP2 and SLE12-SP5 - Virt-manager detected the wrong Windows Server guest system version from the local install ISO image (bsc#1159445) - Correct the volume ID for SLE15-SP1 ISO image (bsc#1086715) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-441=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): osinfo-db-20190805-3.18.1 References: https://bugzilla.suse.com/1086715 https://bugzilla.suse.com/1159445 From sle-updates at lists.suse.com Mon Feb 24 13:12:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Feb 2020 21:12:03 +0100 (CET) Subject: SUSE-SU-2020:0440-1: moderate: Security update for python-azure-agent Message-ID: <20200224201203.5A8D2F798@maintenance.suse.de> SUSE Security Update: Security update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0440-1 Rating: moderate References: #1127838 Cross-References: CVE-2019-0804 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-azure-agent fixes the following issues: python-azure-agent was updated to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is set up incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields From 2.2.44 update: + Remove outdated extension ZIP packages + Improved error handling when starting extensions using systemd + Reduce provisioning time of some custom images + Improve the handling of extension download errors + New API for extension authors to handle errors during extension update + Fix handling of errors in calls to openssl + Improve logic to determine current distro + Reduce verbosity of several logging statements From 2.2.42 update: + Poll for artifact blob, addresses goal state processing issue From 2.2.41 update: + Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534] + Telemetry pipeline for resource monitoring data From 2.2.40 update: + Fixed tracking of memory/cpu usage + Do not prevent extensions from running if setting up cgroups fails + Enable systemd-aware deprovisioning on all versions >= 18.04 + Add systemd support for Debian Jessie, Stretch, and Buster + Support for Linux Openwrt From 2.2.38 update: Security issue fixed: + CVE-2019-0804: An issue with swapfile handling in the agent creates 
a data leak situation that exposes system memory data. (bsc#1127838) + Add fixes for handling swap file and other nit fixes From 2.2.37 update: + Improves re-try logic to handle errors while downloading extensions Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-440=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-440=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.2.45-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-azure-agent-test-2.2.45-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-0804.html https://bugzilla.suse.com/1127838 From sle-updates at lists.suse.com Mon Feb 24 16:12:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 00:12:25 +0100 (CET) Subject: SUSE-SU-2020:0443-1: moderate: Security update for pdsh, slurm_18_08 Message-ID: <20200224231225.CD477F798@maintenance.suse.de> SUSE Security Update: Security update for pdsh, slurm_18_08 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0443-1 Rating: moderate References: #1018371 #1065697 #1085240 #1095508 #1123304 #1140709 #1155784 #1158709 #1158798 #1159692 Cross-References: CVE-2016-10030 CVE-2017-15566 CVE-2018-10995 CVE-2018-7033 CVE-2019-12838 CVE-2019-19727 CVE-2019-19728 CVE-2019-6438 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise Module for HPC 15 
______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for pdsh, slurm_18_08 fixes the following issues: Slurm was included in the 18.08 release, as "slurm_18_08" package. The version 18.08.9 contains all recent security fixes, including: - CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692). - CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784). pdsh was updated to: - Add support for an alternative SLURM version when building the slurm plugin. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-443=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-443=1 - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2020-443=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x): pdsh-2.33-7.6.1 pdsh-debuginfo-2.33-7.6.1 pdsh-debugsource-2.33-7.6.1 pdsh-dshgroup-2.33-7.6.1 pdsh-dshgroup-debuginfo-2.33-7.6.1 pdsh-genders-2.33-7.6.1 pdsh-genders-debuginfo-2.33-7.6.1 pdsh-machines-2.33-7.6.1 pdsh-machines-debuginfo-2.33-7.6.1 pdsh-netgroup-2.33-7.6.1 pdsh-netgroup-debuginfo-2.33-7.6.1 pdsh-slurm-2.33-7.6.1 pdsh-slurm-debuginfo-2.33-7.6.1 pdsh-slurm_18_08-2.33-7.6.1 pdsh-slurm_18_08-debuginfo-2.33-7.6.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): pdsh-2.33-7.6.1 pdsh-debuginfo-2.33-7.6.1 pdsh-debugsource-2.33-7.6.1 pdsh-dshgroup-2.33-7.6.1 pdsh-dshgroup-debuginfo-2.33-7.6.1 pdsh-genders-2.33-7.6.1 
pdsh-genders-debuginfo-2.33-7.6.1 pdsh-machines-2.33-7.6.1 pdsh-machines-debuginfo-2.33-7.6.1 pdsh-netgroup-2.33-7.6.1 pdsh-netgroup-debuginfo-2.33-7.6.1 pdsh-slurm-2.33-7.6.1 pdsh-slurm-debuginfo-2.33-7.6.1 pdsh-slurm_18_08-2.33-7.6.1 pdsh-slurm_18_08-debuginfo-2.33-7.6.1 - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): libpmi0_18_08-18.08.9-1.5.2 libpmi0_18_08-debuginfo-18.08.9-1.5.2 libslurm33-18.08.9-1.5.2 libslurm33-debuginfo-18.08.9-1.5.2 pdsh-2.33-7.6.1 pdsh-debuginfo-2.33-7.6.1 pdsh-debugsource-2.33-7.6.1 pdsh-dshgroup-2.33-7.6.1 pdsh-dshgroup-debuginfo-2.33-7.6.1 pdsh-genders-2.33-7.6.1 pdsh-genders-debuginfo-2.33-7.6.1 pdsh-machines-2.33-7.6.1 pdsh-machines-debuginfo-2.33-7.6.1 pdsh-netgroup-2.33-7.6.1 pdsh-netgroup-debuginfo-2.33-7.6.1 pdsh-slurm-2.33-7.6.1 pdsh-slurm-debuginfo-2.33-7.6.1 pdsh-slurm_18_08-2.33-7.6.1 pdsh-slurm_18_08-debuginfo-2.33-7.6.1 perl-slurm_18_08-18.08.9-1.5.2 perl-slurm_18_08-debuginfo-18.08.9-1.5.2 slurm_18_08-18.08.9-1.5.2 slurm_18_08-auth-none-18.08.9-1.5.2 slurm_18_08-auth-none-debuginfo-18.08.9-1.5.2 slurm_18_08-config-18.08.9-1.5.2 slurm_18_08-debuginfo-18.08.9-1.5.2 slurm_18_08-debugsource-18.08.9-1.5.2 slurm_18_08-devel-18.08.9-1.5.2 slurm_18_08-doc-18.08.9-1.5.2 slurm_18_08-lua-18.08.9-1.5.2 slurm_18_08-lua-debuginfo-18.08.9-1.5.2 slurm_18_08-munge-18.08.9-1.5.2 slurm_18_08-munge-debuginfo-18.08.9-1.5.2 slurm_18_08-node-18.08.9-1.5.2 slurm_18_08-node-debuginfo-18.08.9-1.5.2 slurm_18_08-pam_slurm-18.08.9-1.5.2 slurm_18_08-pam_slurm-debuginfo-18.08.9-1.5.2 slurm_18_08-plugins-18.08.9-1.5.2 slurm_18_08-plugins-debuginfo-18.08.9-1.5.2 slurm_18_08-slurmdbd-18.08.9-1.5.2 slurm_18_08-slurmdbd-debuginfo-18.08.9-1.5.2 slurm_18_08-sql-18.08.9-1.5.2 slurm_18_08-sql-debuginfo-18.08.9-1.5.2 slurm_18_08-torque-18.08.9-1.5.2 slurm_18_08-torque-debuginfo-18.08.9-1.5.2 References: https://www.suse.com/security/cve/CVE-2016-10030.html https://www.suse.com/security/cve/CVE-2017-15566.html 
https://www.suse.com/security/cve/CVE-2018-10995.html https://www.suse.com/security/cve/CVE-2018-7033.html https://www.suse.com/security/cve/CVE-2019-12838.html https://www.suse.com/security/cve/CVE-2019-19727.html https://www.suse.com/security/cve/CVE-2019-19728.html https://www.suse.com/security/cve/CVE-2019-6438.html https://bugzilla.suse.com/1018371 https://bugzilla.suse.com/1065697 https://bugzilla.suse.com/1085240 https://bugzilla.suse.com/1095508 https://bugzilla.suse.com/1123304 https://bugzilla.suse.com/1140709 https://bugzilla.suse.com/1155784 https://bugzilla.suse.com/1158709 https://bugzilla.suse.com/1158798 https://bugzilla.suse.com/1159692 From sle-updates at lists.suse.com Mon Feb 24 16:14:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 00:14:12 +0100 (CET) Subject: SUSE-SU-2020:14291-1: moderate: Security update for openssl1 Message-ID: <20200224231412.B1808F798@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14291-1 Rating: moderate References: #1117951 #1160163 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl1 fixes the following issues: - Add missing commits fixing the security issue called "The 9 Lives of Bleichenbacher's CAT". (bsc#1117951) - Fix a memory problem in 'BN_copy()'. (bsc#1160163) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14291=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.24.1 libopenssl1_0_0-1.0.1g-0.58.24.1 openssl1-1.0.1g-0.58.24.1 openssl1-doc-1.0.1g-0.58.24.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.24.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.24.1 References: https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1160163 From sle-updates at lists.suse.com Tue Feb 25 07:13:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:13:17 +0100 (CET) Subject: SUSE-RU-2020:0446-1: moderate: Recommended update for yast2-nfs-server Message-ID: <20200225141317.1C62DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0446-1 Rating: moderate References: #972488 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-nfs-server fixes the following issues: - Fixed outdated rpc-svcgssd service name which could prevent restarting NFS server when GSS security is enabled. (bsc#972488) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-446=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-nfs-common-4.1.1-3.3.1 yast2-nfs-server-4.1.1-3.3.1 References: https://bugzilla.suse.com/972488 From sle-updates at lists.suse.com Tue Feb 25 07:13:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:13:58 +0100 (CET) Subject: SUSE-RU-2020:0452-1: moderate: Recommended update for apache2 Message-ID: <20200225141358.5DB85F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0452-1 Rating: moderate References: #1156171 #1160100 #1162027 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for apache2 fixes the following issues: - Fix for naming convention issues in apache2 httpd-devel. (bsc#1160100) - Fix for spec file adding section '%license'. (bsc#1156171) - For for SSL Certificate chain error when using mod_ssl and mod_md in a complex setup. (bsc#1162027) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-452=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-452=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.26.1 apache2-debuginfo-2.4.33-3.26.1 apache2-debugsource-2.4.33-3.26.1 apache2-devel-2.4.33-3.26.1 apache2-prefork-2.4.33-3.26.1 apache2-prefork-debuginfo-2.4.33-3.26.1 apache2-utils-2.4.33-3.26.1 apache2-utils-debuginfo-2.4.33-3.26.1 apache2-worker-2.4.33-3.26.1 apache2-worker-debuginfo-2.4.33-3.26.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): apache2-doc-2.4.33-3.26.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.26.1 apache2-debugsource-2.4.33-3.26.1 apache2-event-2.4.33-3.26.1 apache2-event-debuginfo-2.4.33-3.26.1 apache2-example-pages-2.4.33-3.26.1 References: https://bugzilla.suse.com/1156171 https://bugzilla.suse.com/1160100 https://bugzilla.suse.com/1162027 From sle-updates at lists.suse.com Tue Feb 25 07:14:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:14:54 +0100 (CET) Subject: SUSE-SU-2020:0466-1: important: Security update for java-1_8_0-ibm Message-ID: <20200225141454.5F621F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0466-1 Rating: important References: #1160968 #1162972 Cross-References: CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux 
Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-466=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-466=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-466=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-466=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2020-466=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-devel-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-plugin-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-devel-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x 
x86_64): java-1_8_0-ibm-demo-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-src-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-devel-32bit-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-devel-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-plugin-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-devel-1.8.0_sr6.5-3.33.2 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.5-3.33.2 java-1_8_0-ibm-plugin-1.8.0_sr6.5-3.33.2 References: https://www.suse.com/security/cve/CVE-2019-4732.html https://www.suse.com/security/cve/CVE-2020-2583.html https://www.suse.com/security/cve/CVE-2020-2593.html https://www.suse.com/security/cve/CVE-2020-2604.html https://www.suse.com/security/cve/CVE-2020-2659.html https://bugzilla.suse.com/1160968 https://bugzilla.suse.com/1162972 From sle-updates at lists.suse.com Tue Feb 25 07:15:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:15:42 +0100 (CET) Subject: SUSE-SU-2020:0467-1: moderate: Security update for python3 Message-ID: <20200225141542.9DFB7F798@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0467-1 Rating: moderate References: #1162224 #1162367 #1162423 #1162825 Cross-References: CVE-2019-9674 CVE-2020-8492 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 
______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is "C", coerce it to C.UTF-8 (bsc#1162423). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-467=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-467=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-467=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.10-3.47.2 python3-base-debugsource-3.6.10-3.47.2 python3-testsuite-3.6.10-3.47.2 python3-testsuite-debuginfo-3.6.10-3.47.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython3_6m1_0-32bit-3.6.10-3.47.2 libpython3_6m1_0-32bit-debuginfo-3.6.10-3.47.2 python3-32bit-3.6.10-3.47.2 python3-32bit-debuginfo-3.6.10-3.47.2 python3-base-32bit-3.6.10-3.47.2 python3-base-32bit-debuginfo-3.6.10-3.47.2 python3-debugsource-3.6.10-3.47.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python3-doc-3.6.10-3.47.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): 
python3-base-debuginfo-3.6.10-3.47.2 python3-base-debugsource-3.6.10-3.47.2 python3-tools-3.6.10-3.47.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-3.47.2 libpython3_6m1_0-debuginfo-3.6.10-3.47.2 python3-3.6.10-3.47.2 python3-base-3.6.10-3.47.2 python3-base-debuginfo-3.6.10-3.47.2 python3-base-debugsource-3.6.10-3.47.2 python3-curses-3.6.10-3.47.2 python3-curses-debuginfo-3.6.10-3.47.2 python3-dbm-3.6.10-3.47.2 python3-dbm-debuginfo-3.6.10-3.47.2 python3-debuginfo-3.6.10-3.47.2 python3-debugsource-3.6.10-3.47.2 python3-devel-3.6.10-3.47.2 python3-devel-debuginfo-3.6.10-3.47.2 python3-idle-3.6.10-3.47.2 python3-tk-3.6.10-3.47.2 python3-tk-debuginfo-3.6.10-3.47.2 References: https://www.suse.com/security/cve/CVE-2019-9674.html https://www.suse.com/security/cve/CVE-2020-8492.html https://bugzilla.suse.com/1162224 https://bugzilla.suse.com/1162367 https://bugzilla.suse.com/1162423 https://bugzilla.suse.com/1162825 From sle-updates at lists.suse.com Tue Feb 25 07:16:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:16:43 +0100 (CET) Subject: SUSE-RU-2020:0462-1: moderate: Recommended update for xfsprogs Message-ID: <20200225141643.4DCD2F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0462-1 Rating: moderate References: #1158504 #1158509 #1158630 #1158758 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for xfsprogs fixes the following issues: - Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. 
(bsc#1158630) - Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509) - Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504) - Fix for 'xfs_quota' to avoid falsely reporting that the project inheritance flag is not set. (bsc#1158758) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-462=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): xfsprogs-4.15.0-4.24.3 xfsprogs-debuginfo-4.15.0-4.24.3 xfsprogs-debugsource-4.15.0-4.24.3 xfsprogs-devel-4.15.0-4.24.3 References: https://bugzilla.suse.com/1158504 https://bugzilla.suse.com/1158509 https://bugzilla.suse.com/1158630 https://bugzilla.suse.com/1158758 From sle-updates at lists.suse.com Tue Feb 25 07:18:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:18:23 +0100 (CET) Subject: SUSE-RU-2020:0447-1: moderate: Recommended update for pcsc-tools Message-ID: <20200225141823.7111DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for pcsc-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0447-1 Rating: moderate References: #1145779 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for pcsc-tools fixes the following issues: - added missing dependencies for gscriptor (bsc#1145779) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-447=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): pcsc-tools-1.5.4-3.4.1 pcsc-tools-debuginfo-1.5.4-3.4.1 pcsc-tools-debugsource-1.5.4-3.4.1 References: https://bugzilla.suse.com/1145779 From sle-updates at lists.suse.com Tue Feb 25 07:19:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:19:03 +0100 (CET) Subject: SUSE-RU-2020:0445-1: moderate: Recommended update for gdb Message-ID: <20200225141903.96D83F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0445-1 Rating: moderate References: #1146167 #1146475 #1156284 #1158539 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for gdb fixes the following issues: - Added support for official name of IBM s390 Arch13: z15. - Added descriptions for arch13 instructions. (jsc#SLE-7903) - Fixed build with gcc 10 [bsc#1158539, swo#24653]. - Make fpc optional (bsc#1156284) as fpc requires itself for bootstrapping. 
- Fixed a debugging information problem with a forwarding array declaration (bsc#1146475) - Fixed that logging redirect doesn't work for user-defined command (bsc#1146167) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-445=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-445=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gdb-debuginfo-8.3.1-8.11.1 gdb-debugsource-8.3.1-8.11.1 gdb-testresults-8.3.1-8.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gdb-8.3.1-8.11.1 gdb-debuginfo-8.3.1-8.11.1 gdb-debugsource-8.3.1-8.11.1 gdbserver-8.3.1-8.11.1 gdbserver-debuginfo-8.3.1-8.11.1 References: https://bugzilla.suse.com/1146167 https://bugzilla.suse.com/1146475 https://bugzilla.suse.com/1156284 https://bugzilla.suse.com/1158539 From sle-updates at lists.suse.com Tue Feb 25 07:20:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:20:14 +0100 (CET) Subject: SUSE-SU-2020:0457-1: moderate: Security update for libexif Message-ID: <20200225142014.24830F798@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0457-1 Rating: moderate References: #1120943 #1160770 Cross-References: CVE-2018-20030 CVE-2019-9278 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development 
Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-457=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-457=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-457=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-457=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-457=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-457=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-457=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-457=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-457=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-457=1 - 
SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-457=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-457=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-457=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-457=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-457=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-457=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-457=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-457=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE OpenStack Cloud 8 (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif-devel-0.6.21-8.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif-devel-0.6.21-8.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): 
libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux 
Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 - SUSE Enterprise Storage 5 (x86_64): libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 - HPE Helion Openstack 8 (x86_64): libexif-debugsource-0.6.21-8.6.1 libexif12-0.6.21-8.6.1 libexif12-32bit-0.6.21-8.6.1 libexif12-debuginfo-0.6.21-8.6.1 libexif12-debuginfo-32bit-0.6.21-8.6.1 References: https://www.suse.com/security/cve/CVE-2018-20030.html https://www.suse.com/security/cve/CVE-2019-9278.html https://bugzilla.suse.com/1120943 https://bugzilla.suse.com/1160770 From sle-updates at lists.suse.com Tue Feb 25 07:21:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:21:05 +0100 (CET) Subject: SUSE-RU-2020:0449-1: moderate: Recommended update for autoyast2, yast2-schema Message-ID: <20200225142105.0EAB7F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2, yast2-schema ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0449-1 Rating: moderate References: #1123091 #1134501 #1143106 #1156905 #1159157 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for autoyast2, yast2-schema fixes the following issues: autoyast2 was updated to fix: - Fixed conflicting items in rule dialogs (bsc#1123091). - Semi-automatic with partition: Do not use the common AY partition workflow (bsc#1134501). - Do not reset Base-Product during registration. Do not call registration in the second installation stage again. (bsc#1143106). - Fix profile validation for scripts elements (bsc#1156905). - UI: Report XML parsing errors instead of just crashing (bsc#1159157). Updates in yast2-schema: - Fix 'scripts' elements validation (bsc#1156905). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-449=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-schema-4.1.8-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): autoyast2-4.1.8-3.6.1 autoyast2-installation-4.1.8-3.6.1 References: https://bugzilla.suse.com/1123091 https://bugzilla.suse.com/1134501 https://bugzilla.suse.com/1143106 https://bugzilla.suse.com/1156905 https://bugzilla.suse.com/1159157 From sle-updates at lists.suse.com Tue Feb 25 07:22:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:22:17 +0100 (CET) Subject: SUSE-SU-2020:0468-1: important: Security update for webkit2gtk3 Message-ID: <20200225142217.4C4FCF798@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0468-1 Rating: important References: #1159329 #1161719 #1163809 Cross-References: CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 
CVE-2020-3868 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.26.4 fixes the following issues: Security issues fixed: - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809). - CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have led to arbitrary code execution (bsc#1163809). Non-security issues fixed: - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing Arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-468=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-468=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-468=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-468=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-468=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-468=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-468=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-468=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-468=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-468=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-2.26.4-3.43.1 libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.26.4-3.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
libjavascriptcoregtk-4_0-18-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-2.26.4-3.43.1 libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.26.4-3.43.1 webkit-jsc-4-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 webkit2gtk3-minibrowser-2.26.4-3.43.1 webkit2gtk3-minibrowser-debuginfo-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-32bit-2.26.4-3.43.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.26.4-3.43.1 webkit-jsc-4-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1 typelib-1_0-WebKit2-4_0-2.26.4-3.43.1 typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 webkit2gtk3-devel-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1 typelib-1_0-WebKit2-4_0-2.26.4-3.43.1 typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 webkit2gtk3-devel-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-2.26.4-3.43.1 
libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libwebkit2gtk3-lang-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-2.26.4-3.43.1 libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.26.4-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-2.26.4-3.43.1 libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.26.4-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.26.4-3.43.1 libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1 libwebkit2gtk-4_0-37-2.26.4-3.43.1 libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1 webkit2gtk3-debugsource-2.26.4-3.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.26.4-3.43.1 References: https://www.suse.com/security/cve/CVE-2019-8835.html https://www.suse.com/security/cve/CVE-2019-8844.html https://www.suse.com/security/cve/CVE-2019-8846.html https://www.suse.com/security/cve/CVE-2020-3862.html 
https://www.suse.com/security/cve/CVE-2020-3864.html https://www.suse.com/security/cve/CVE-2020-3865.html https://www.suse.com/security/cve/CVE-2020-3867.html https://www.suse.com/security/cve/CVE-2020-3868.html https://bugzilla.suse.com/1159329 https://bugzilla.suse.com/1161719 https://bugzilla.suse.com/1163809 From sle-updates at lists.suse.com Tue Feb 25 07:23:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:23:19 +0100 (CET) Subject: SUSE-SU-2020:0456-1: important: Security update for java-1_7_1-ibm Message-ID: <20200225142319.1E804F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0456-1 Rating: important References: #1160968 #1162972 Cross-References: CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). 
- CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-456=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-456=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-456=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-456=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-456=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-456=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-456=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-456=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-456=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-456=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch 
SUSE-SLE-SERVER-12-SP3-2020-456=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-456=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-456=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-456=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-456=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-456=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-456=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux 
Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - SUSE Enterprise Storage 5 (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47.1 References: https://www.suse.com/security/cve/CVE-2020-2583.html https://www.suse.com/security/cve/CVE-2020-2593.html https://www.suse.com/security/cve/CVE-2020-2604.html https://www.suse.com/security/cve/CVE-2020-2659.html https://bugzilla.suse.com/1160968 https://bugzilla.suse.com/1162972 From sle-updates at lists.suse.com Tue Feb 25 07:24:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:24:11 +0100 (CET) Subject: SUSE-RU-2020:0461-1: moderate: Recommended update for yast2-bootloader Message-ID: <20200225142411.5E531F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0461-1 Rating: moderate References: #1124581 #1151748 #1160176 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for yast2-bootloader fixes the following issues: - Improved detection of the root filesystem in non-standard btrfs configurations to avoid a crash (bsc#1151748, bsc#1124581) - If no file system is mounted at / or /boot, it will now show an error instead of crashing the installer (bsc#1160176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-461=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.1.26-3.5.1 References: https://bugzilla.suse.com/1124581 https://bugzilla.suse.com/1151748 https://bugzilla.suse.com/1160176 From sle-updates at lists.suse.com Tue Feb 25 07:25:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:25:08 +0100 (CET) Subject: SUSE-RU-2020:0464-1: moderate: Recommended update for crmsh Message-ID: <20200225142508.AE7ECF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0464-1 Rating: moderate References: #1141976 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes a bug where a space was not allowed in cluster names and therefore produced a parser error (bsc#1141976) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-464=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.4+git.1581993600.7343173f-13.29.1 crmsh-scripts-3.0.4+git.1581993600.7343173f-13.29.1 References: https://bugzilla.suse.com/1141976 From sle-updates at lists.suse.com Tue Feb 25 07:25:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:25:48 +0100 (CET) Subject: SUSE-RU-2020:0463-1: moderate: Recommended update for post-build-checks Message-ID: <20200225142548.8EA38F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for post-build-checks ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0463-1 Rating: moderate References: #1162030 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for post-build-checks fixes the following issues: - Avoid removing the coreutils package - Fixes rpm-ndb build issues (bsc#1162030) Convert the rpm database from Berkeley DB to the New RPM DB format (ndb) before rpm-ndb is installed and avoid uninstalling the rpm-ndb package that is required for generating other baselibs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-463=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): post-build-checks-84.88+git20181015.ceb5c96-3.10.2 References: https://bugzilla.suse.com/1162030 From sle-updates at lists.suse.com Tue Feb 25 07:26:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:26:28 +0100 (CET) Subject: SUSE-RU-2020:0470-1: moderate: Recommended update for crmsh Message-ID: <20200225142628.7446EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0470-1 Rating: moderate References: #1141976 #1158060 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixes a bug where a space was not allowed in cluster names and therefore produced a parser error (bsc#1141976) - Fixes a bug where running hb_report flushed dmesg and /var/log/messages (bsc#1158060) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-470=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-470=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): crmsh-test-4.1.0+git.1581993582.18a6b810-3.14.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1581993582.18a6b810-3.14.1 crmsh-scripts-4.1.0+git.1581993582.18a6b810-3.14.1 References: https://bugzilla.suse.com/1141976 https://bugzilla.suse.com/1158060 From sle-updates at lists.suse.com Tue Feb 25 07:27:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:27:19 +0100 (CET) Subject: SUSE-SU-2020:0459-1: moderate: Security update for libvpx Message-ID: <20200225142719.56E8DF798@maintenance.suse.de> SUSE Security Update: Security update for libvpx ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0459-1 Rating: moderate References: #1160613 #1160614 Cross-References: CVE-2019-9232 CVE-2019-9433 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libvpx fixes the following issues: - CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613). - CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-459=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-459=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-459=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-459=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-459=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-459=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libvpx-debugsource-1.3.0-3.6.1 libvpx1-32bit-1.3.0-3.6.1 libvpx1-debuginfo-32bit-1.3.0-3.6.1 vpx-tools-1.3.0-3.6.1 vpx-tools-debuginfo-1.3.0-3.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libvpx-debugsource-1.3.0-3.6.1 libvpx1-32bit-1.3.0-3.6.1 libvpx1-debuginfo-32bit-1.3.0-3.6.1 vpx-tools-1.3.0-3.6.1 vpx-tools-debuginfo-1.3.0-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.6.1 libvpx-devel-1.3.0-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.6.1 libvpx-devel-1.3.0-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.6.1 libvpx1-1.3.0-3.6.1 libvpx1-debuginfo-1.3.0-3.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.6.1 libvpx1-1.3.0-3.6.1 libvpx1-debuginfo-1.3.0-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-9232.html https://www.suse.com/security/cve/CVE-2019-9433.html https://bugzilla.suse.com/1160613 
https://bugzilla.suse.com/1160614 From sle-updates at lists.suse.com Tue Feb 25 07:28:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:28:07 +0100 (CET) Subject: SUSE-RU-2020:0450-1: moderate: Recommended update for osinfo-db Message-ID: <20200225142807.2D3AFF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0450-1 Rating: moderate References: #1159445 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osinfo-db fixes the following issues: - Fix for detecting inappropriate version of Windows guest system via virt-manager. (bsc#1159445) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-450=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): osinfo-db-20191125-3.6.1 References: https://bugzilla.suse.com/1159445 From sle-updates at lists.suse.com Tue Feb 25 07:28:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:28:48 +0100 (CET) Subject: SUSE-RU-2020:0448-1: moderate: Recommended update for yast2-sudo Message-ID: <20200225142848.07843F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0448-1 Rating: moderate References: #1156929 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-sudo fixes the following issues: - Prevent truncating the sudoers file after writing changes. (bsc#1156929) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-448=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-448=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-448=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): yast2-sudo-3.1.3-5.6.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-sudo-3.1.3-5.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-sudo-3.1.3-5.6.1 References: https://bugzilla.suse.com/1156929 From sle-updates at lists.suse.com Tue Feb 25 07:30:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:30:17 +0100 (CET) Subject: SUSE-RU-2020:0469-1: moderate: Recommended update for flex Message-ID: <20200225143017.3454EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for flex ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0469-1 Rating: moderate References: #1162488 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for flex fixes the following issues: - The previous version update moved the content of the flex-32bit package into libfl2-32bit and libfl-devel-32bit. Reflect this in the RPM provides / obsoletes to allow transparent migration between those packages (bsc#1162488) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-469=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-469=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-469=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-469=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-469=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-469=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-469=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-469=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-469=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-469=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-469=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-469=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-469=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-469=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-469=1 - SUSE Enterprise Storage 5: zypper in -t patch 
SUSE-Storage-5-2020-469=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-469=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE OpenStack Cloud 8 (x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE OpenStack Cloud 7 (s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): flex-2.6.4-9.7.1 
flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 
libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 - SUSE Enterprise Storage 5 (x86_64): flex-debuginfo-32bit-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 - HPE Helion Openstack 8 (x86_64): flex-2.6.4-9.7.1 flex-debuginfo-2.6.4-9.7.1 flex-debuginfo-32bit-2.6.4-9.7.1 flex-debugsource-2.6.4-9.7.1 libfl-devel-2.6.4-9.7.1 libfl-devel-32bit-2.6.4-9.7.1 libfl2-2.6.4-9.7.1 libfl2-32bit-2.6.4-9.7.1 libfl2-debuginfo-2.6.4-9.7.1 libfl2-debuginfo-32bit-2.6.4-9.7.1 References: https://bugzilla.suse.com/1162488 From sle-updates at lists.suse.com Tue Feb 25 
07:31:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:31:09 +0100 (CET) Subject: SUSE-RU-2020:0451-1: moderate: Recommended update for libgcrypt Message-ID: <20200225143109.87B67F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0451-1 Rating: moderate References: #1155337 #1161215 #1161216 #1161218 #1161219 #1161220 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-451=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-451=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-8.15.1 libgcrypt-cavs-debuginfo-1.8.2-8.15.1 libgcrypt-debugsource-1.8.2-8.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgcrypt-devel-32bit-1.8.2-8.15.1 libgcrypt-devel-32bit-debuginfo-1.8.2-8.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-8.15.1 libgcrypt-devel-1.8.2-8.15.1 libgcrypt-devel-debuginfo-1.8.2-8.15.1 libgcrypt20-1.8.2-8.15.1 libgcrypt20-debuginfo-1.8.2-8.15.1 libgcrypt20-hmac-1.8.2-8.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgcrypt20-32bit-1.8.2-8.15.1 libgcrypt20-32bit-debuginfo-1.8.2-8.15.1 libgcrypt20-hmac-32bit-1.8.2-8.15.1 References: https://bugzilla.suse.com/1155337 https://bugzilla.suse.com/1161215 https://bugzilla.suse.com/1161216 https://bugzilla.suse.com/1161218 https://bugzilla.suse.com/1161219 https://bugzilla.suse.com/1161220 From sle-updates at lists.suse.com Tue Feb 25 07:32:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:32:25 +0100 (CET) Subject: SUSE-SU-2020:0458-1: moderate: Security update for libexif Message-ID: <20200225143225.86196F798@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0458-1 Rating: moderate References: #1120943 #1160770 Cross-References: CVE-2018-20030 CVE-2019-9278 Affected Products: SUSE Linux Enterprise Module 
for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-458=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-458=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-458=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libexif-debugsource-0.6.21-5.3.1 libexif-devel-32bit-0.6.21-5.3.1 libexif12-32bit-0.6.21-5.3.1 libexif12-32bit-debuginfo-0.6.21-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-5.3.1 libexif-devel-0.6.21-5.3.1 libexif12-0.6.21-5.3.1 libexif12-debuginfo-0.6.21-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-5.3.1 libexif-devel-0.6.21-5.3.1 libexif12-0.6.21-5.3.1 libexif12-debuginfo-0.6.21-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-20030.html https://www.suse.com/security/cve/CVE-2019-9278.html https://bugzilla.suse.com/1120943 https://bugzilla.suse.com/1160770 From sle-updates at 
lists.suse.com Tue Feb 25 07:33:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:33:12 +0100 (CET) Subject: SUSE-RU-2020:0471-1: moderate: Recommended update for crmsh Message-ID: <20200225143312.2A390F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0471-1 Rating: moderate References: #1141976 #1158060 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixes a bug where a space was not allowed in cluster names and therefore produced a parser error (bsc#1141976) - Fixes a bug where running hb_report flushed dmesg and /var/log/messages (bsc#1158060) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-471=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1581993582.18a6b810-3.22.1 crmsh-scripts-4.1.0+git.1581993582.18a6b810-3.22.1 References: https://bugzilla.suse.com/1141976 https://bugzilla.suse.com/1158060 From sle-updates at lists.suse.com Tue Feb 25 07:33:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:33:59 +0100 (CET) Subject: SUSE-RU-2020:0444-1: moderate: Recommended update for sssd Message-ID: <20200225143359.CCC8DF796@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0444-1 Rating: moderate References: #1106598 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Install the Infopipe dbus service (bsc#1106598) - Fix some package installation warnings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-444=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-444=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.37.1 libnfsidmap-sss-debuginfo-1.16.1-3.37.1 python3-ipa_hbac-1.16.1-3.37.1 python3-ipa_hbac-debuginfo-1.16.1-3.37.1 python3-sss-murmur-1.16.1-3.37.1 python3-sss-murmur-debuginfo-1.16.1-3.37.1 python3-sss_nss_idmap-1.16.1-3.37.1 python3-sss_nss_idmap-debuginfo-1.16.1-3.37.1 sssd-debuginfo-1.16.1-3.37.1 sssd-debugsource-1.16.1-3.37.1 sssd-winbind-idmap-1.16.1-3.37.1 sssd-winbind-idmap-debuginfo-1.16.1-3.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.37.1 libipa_hbac0-1.16.1-3.37.1 libipa_hbac0-debuginfo-1.16.1-3.37.1 libsss_certmap-devel-1.16.1-3.37.1 libsss_certmap0-1.16.1-3.37.1 libsss_certmap0-debuginfo-1.16.1-3.37.1 libsss_idmap-devel-1.16.1-3.37.1 libsss_idmap0-1.16.1-3.37.1 libsss_idmap0-debuginfo-1.16.1-3.37.1 libsss_nss_idmap-devel-1.16.1-3.37.1 libsss_nss_idmap0-1.16.1-3.37.1 libsss_nss_idmap0-debuginfo-1.16.1-3.37.1 libsss_simpleifp-devel-1.16.1-3.37.1 libsss_simpleifp0-1.16.1-3.37.1 libsss_simpleifp0-debuginfo-1.16.1-3.37.1 python3-sssd-config-1.16.1-3.37.1 python3-sssd-config-debuginfo-1.16.1-3.37.1 sssd-1.16.1-3.37.1 sssd-ad-1.16.1-3.37.1 sssd-ad-debuginfo-1.16.1-3.37.1 sssd-dbus-1.16.1-3.37.1 sssd-dbus-debuginfo-1.16.1-3.37.1 sssd-debuginfo-1.16.1-3.37.1 sssd-debugsource-1.16.1-3.37.1 sssd-ipa-1.16.1-3.37.1 sssd-ipa-debuginfo-1.16.1-3.37.1 sssd-krb5-1.16.1-3.37.1 sssd-krb5-common-1.16.1-3.37.1 sssd-krb5-common-debuginfo-1.16.1-3.37.1 sssd-krb5-debuginfo-1.16.1-3.37.1 sssd-ldap-1.16.1-3.37.1 
sssd-ldap-debuginfo-1.16.1-3.37.1 sssd-proxy-1.16.1-3.37.1 sssd-proxy-debuginfo-1.16.1-3.37.1 sssd-tools-1.16.1-3.37.1 sssd-tools-debuginfo-1.16.1-3.37.1 sssd-wbclient-1.16.1-3.37.1 sssd-wbclient-debuginfo-1.16.1-3.37.1 sssd-wbclient-devel-1.16.1-3.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): sssd-32bit-1.16.1-3.37.1 sssd-32bit-debuginfo-1.16.1-3.37.1 References: https://bugzilla.suse.com/1106598 From sle-updates at lists.suse.com Tue Feb 25 07:34:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:34:41 +0100 (CET) Subject: SUSE-RU-2020:0453-1: moderate: Recommended update for binutils Message-ID: <20200225143441.8345AF796@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0453-1 Rating: moderate References: #1160590 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils fixes the following issues: - Recognize the official name of s390 arch13: "z15". (bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-453=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-453=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-453=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-453=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-7.8.1 binutils-debugsource-2.32-7.8.1 binutils-gold-2.32-7.8.1 binutils-gold-debuginfo-2.32-7.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-7.8.1 binutils-debugsource-2.32-7.8.1 binutils-gold-2.32-7.8.1 binutils-gold-debuginfo-2.32-7.8.1 cross-arm-binutils-2.32-7.8.1 cross-arm-binutils-debuginfo-2.32-7.8.1 cross-arm-binutils-debugsource-2.32-7.8.1 cross-avr-binutils-2.32-7.8.1 cross-avr-binutils-debuginfo-2.32-7.8.1 cross-avr-binutils-debugsource-2.32-7.8.1 cross-epiphany-binutils-2.32-7.8.1 cross-epiphany-binutils-debuginfo-2.32-7.8.1 cross-epiphany-binutils-debugsource-2.32-7.8.1 cross-hppa-binutils-2.32-7.8.1 cross-hppa-binutils-debuginfo-2.32-7.8.1 cross-hppa-binutils-debugsource-2.32-7.8.1 cross-hppa64-binutils-2.32-7.8.1 cross-hppa64-binutils-debuginfo-2.32-7.8.1 cross-hppa64-binutils-debugsource-2.32-7.8.1 cross-i386-binutils-2.32-7.8.1 cross-i386-binutils-debuginfo-2.32-7.8.1 cross-i386-binutils-debugsource-2.32-7.8.1 cross-ia64-binutils-2.32-7.8.1 cross-ia64-binutils-debuginfo-2.32-7.8.1 cross-ia64-binutils-debugsource-2.32-7.8.1 cross-m68k-binutils-2.32-7.8.1 cross-m68k-binutils-debuginfo-2.32-7.8.1 
cross-m68k-binutils-debugsource-2.32-7.8.1 cross-mips-binutils-2.32-7.8.1 cross-mips-binutils-debuginfo-2.32-7.8.1 cross-mips-binutils-debugsource-2.32-7.8.1 cross-ppc-binutils-2.32-7.8.1 cross-ppc-binutils-debuginfo-2.32-7.8.1 cross-ppc-binutils-debugsource-2.32-7.8.1 cross-ppc64-binutils-2.32-7.8.1 cross-ppc64-binutils-debuginfo-2.32-7.8.1 cross-ppc64-binutils-debugsource-2.32-7.8.1 cross-riscv64-binutils-2.32-7.8.1 cross-riscv64-binutils-debuginfo-2.32-7.8.1 cross-riscv64-binutils-debugsource-2.32-7.8.1 cross-rx-binutils-2.32-7.8.1 cross-rx-binutils-debuginfo-2.32-7.8.1 cross-rx-binutils-debugsource-2.32-7.8.1 cross-s390-binutils-2.32-7.8.1 cross-s390-binutils-debuginfo-2.32-7.8.1 cross-s390-binutils-debugsource-2.32-7.8.1 cross-sparc-binutils-2.32-7.8.1 cross-sparc-binutils-debuginfo-2.32-7.8.1 cross-sparc-binutils-debugsource-2.32-7.8.1 cross-sparc64-binutils-2.32-7.8.1 cross-sparc64-binutils-debuginfo-2.32-7.8.1 cross-sparc64-binutils-debugsource-2.32-7.8.1 cross-spu-binutils-2.32-7.8.1 cross-spu-binutils-debuginfo-2.32-7.8.1 cross-spu-binutils-debugsource-2.32-7.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.32-7.8.1 cross-s390x-binutils-debuginfo-2.32-7.8.1 cross-s390x-binutils-debugsource-2.32-7.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.32-7.8.1 cross-x86_64-binutils-debuginfo-2.32-7.8.1 cross-x86_64-binutils-debugsource-2.32-7.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): cross-aarch64-binutils-2.32-7.8.1 cross-aarch64-binutils-debuginfo-2.32-7.8.1 cross-aarch64-binutils-debugsource-2.32-7.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.32-7.8.1 cross-ppc64le-binutils-debuginfo-2.32-7.8.1 cross-ppc64le-binutils-debugsource-2.32-7.8.1 - SUSE 
Linux Enterprise Module for Development Tools 15-SP1 (x86_64): binutils-debugsource-2.32-7.8.1 binutils-devel-32bit-2.32-7.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-2.32-7.8.1 binutils-debuginfo-2.32-7.8.1 binutils-debugsource-2.32-7.8.1 binutils-devel-2.32-7.8.1 References: https://bugzilla.suse.com/1160590 From sle-updates at lists.suse.com Tue Feb 25 07:35:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:35:22 +0100 (CET) Subject: SUSE-RU-2020:0465-1: moderate: Recommended update for crmsh Message-ID: <20200225143522.EEAAEF796@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0465-1 Rating: moderate References: #1141976 #1158060 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixes a bug where a space was not allowed in cluster names and therefore produced a parser error (bsc#1141976) - Fixes a bug where running hb_report flushed dmesg and /var/log/messages (bsc#1158060) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-465=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-465=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.0+git.1581993582.18a6b810-2.22.1 crmsh-scripts-4.1.0+git.1581993582.18a6b810-2.22.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.0+git.1581993582.18a6b810-2.22.1 crmsh-scripts-4.1.0+git.1581993582.18a6b810-2.22.1 References: https://bugzilla.suse.com/1141976 https://bugzilla.suse.com/1158060 From sle-updates at lists.suse.com Tue Feb 25 07:36:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:36:16 +0100 (CET) Subject: SUSE-SU-2020:0455-1: important: Security update for nodejs10 Message-ID: <20200225143616.193A9F796@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0455-1 Rating: important References: #1163102 #1163103 #1163104 Cross-References: CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). 
- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-455=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-455=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-455=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-455=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-455=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-455=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs10-docs-10.19.0-1.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs10-docs-10.19.0-1.18.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): 
nodejs10-docs-10.19.0-1.18.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs10-docs-10.19.0-1.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs10-docs-10.19.0-1.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs10-10.19.0-1.18.1 nodejs10-debuginfo-10.19.0-1.18.1 nodejs10-debugsource-10.19.0-1.18.1 nodejs10-devel-10.19.0-1.18.1 npm10-10.19.0-1.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs10-docs-10.19.0-1.18.1 References: https://www.suse.com/security/cve/CVE-2019-15604.html https://www.suse.com/security/cve/CVE-2019-15605.html https://www.suse.com/security/cve/CVE-2019-15606.html https://bugzilla.suse.com/1163102 https://bugzilla.suse.com/1163103 https://bugzilla.suse.com/1163104 From sle-updates at lists.suse.com Tue Feb 25 07:37:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:37:13 +0100 (CET) Subject: SUSE-SU-2020:0454-1: important: Security update for nodejs8 Message-ID: <20200225143713.53E25F796@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0454-1 Rating: important References: #1163102 #1163103 #1163104 Cross-References: CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Web Scripting 
15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-454=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-454=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-454=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-454=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-454=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-454=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs8-8.17.0-3.28.1 nodejs8-debuginfo-8.17.0-3.28.1 nodejs8-debugsource-8.17.0-3.28.1 nodejs8-devel-8.17.0-3.28.1 npm8-8.17.0-3.28.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs8-docs-8.17.0-3.28.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
nodejs8-8.17.0-3.28.1 nodejs8-debuginfo-8.17.0-3.28.1 nodejs8-debugsource-8.17.0-3.28.1 nodejs8-devel-8.17.0-3.28.1 npm8-8.17.0-3.28.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs8-docs-8.17.0-3.28.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-3.28.1 nodejs8-debuginfo-8.17.0-3.28.1 nodejs8-debugsource-8.17.0-3.28.1 nodejs8-devel-8.17.0-3.28.1 npm8-8.17.0-3.28.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs8-docs-8.17.0-3.28.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-3.28.1 nodejs8-debuginfo-8.17.0-3.28.1 nodejs8-debugsource-8.17.0-3.28.1 nodejs8-devel-8.17.0-3.28.1 npm8-8.17.0-3.28.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.17.0-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.28.1 nodejs8-debuginfo-8.17.0-3.28.1 nodejs8-debugsource-8.17.0-3.28.1 nodejs8-devel-8.17.0-3.28.1 npm8-8.17.0-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs8-docs-8.17.0-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.28.1 nodejs8-debuginfo-8.17.0-3.28.1 nodejs8-debugsource-8.17.0-3.28.1 nodejs8-devel-8.17.0-3.28.1 npm8-8.17.0-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs8-docs-8.17.0-3.28.1 References: https://www.suse.com/security/cve/CVE-2019-15604.html https://www.suse.com/security/cve/CVE-2019-15605.html https://www.suse.com/security/cve/CVE-2019-15606.html https://bugzilla.suse.com/1163102 https://bugzilla.suse.com/1163103 https://bugzilla.suse.com/1163104 From sle-updates at lists.suse.com Tue Feb 25 07:38:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 15:38:06 +0100 (CET) Subject: SUSE-RU-2020:0460-1: moderate: Recommended update for build Message-ID: 
<20200225143806.0DC50F796@maintenance.suse.de> SUSE Recommended Update: Recommended update for build ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0460-1 Rating: moderate References: #1161983 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for build fixes the following issues: - Added support for Arch Linux zstd format - Now allows entering buildroots w/o recipe - qemu vm_type is now running qemu system emulator (works only for aarch64, armv7l, ppc64/ppc64le, s390/s390x, riscv64) (see this rpm's changelog for more details) For all technical changes, please refer to this rpm's changelog. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-460=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-460=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): build-initvm-aarch64-20200110-3.6.1 build-initvm-powerpc64le-20200110-3.6.1 build-initvm-s390x-20200110-3.6.1 build-initvm-x86_64-20200110-3.6.1 build-mkdrpms-20200110-3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): build-20200110-3.6.1 build-mkbaselibs-20200110-3.6.1 References: https://bugzilla.suse.com/1161983 From sle-updates at lists.suse.com Tue Feb 25 10:11:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 18:11:37 +0100 (CET) Subject: SUSE-RU-2020:0476-1: moderate: Recommended update for perl Message-ID: <20200225171137.C8473F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0476-1 Rating: moderate References: #1102840 #1160039 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with only two digits instead of four digits. 
(bsc#1102840) (bsc#1160039) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-476=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-476=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): perl-32bit-5.26.1-7.9.1 perl-32bit-debuginfo-5.26.1-7.9.1 perl-debugsource-5.26.1-7.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): perl-doc-5.26.1-7.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): perl-5.26.1-7.9.1 perl-base-5.26.1-7.9.1 perl-base-debuginfo-5.26.1-7.9.1 perl-debuginfo-5.26.1-7.9.1 perl-debugsource-5.26.1-7.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): perl-32bit-debuginfo-5.26.1-7.9.1 perl-base-32bit-5.26.1-7.9.1 perl-base-32bit-debuginfo-5.26.1-7.9.1 References: https://bugzilla.suse.com/1102840 https://bugzilla.suse.com/1160039 From sle-updates at lists.suse.com Tue Feb 25 10:12:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 18:12:23 +0100 (CET) Subject: SUSE-SU-2020:14292-1: important: Security update for ppp Message-ID: <20200225171223.C1DB1F798@maintenance.suse.de> SUSE Security Update: Security update for ppp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14292-1 Rating: important References: #1162610 Cross-References: CVE-2020-8597 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux 
Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-ppp-14292=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ppp-14292=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ppp-14292=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ppp-14292=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ppp-2.4.5.git-2.32.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ppp-2.4.5.git-2.32.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): ppp-debuginfo-2.4.5.git-2.32.3.1 ppp-debugsource-2.4.5.git-2.32.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ppp-debuginfo-2.4.5.git-2.32.3.1 ppp-debugsource-2.4.5.git-2.32.3.1 References: https://www.suse.com/security/cve/CVE-2020-8597.html https://bugzilla.suse.com/1162610 From sle-updates at lists.suse.com Tue Feb 25 10:13:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 18:13:04 +0100 (CET) Subject: SUSE-RU-2019:0198-2: moderate: Recommended update for llvm6, jsoncpp Message-ID: <20200225171304.BA428F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm6, jsoncpp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0198-2 Rating: 
moderate References: #1112730 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for llvm6, jsoncpp provides the following fixes: Changes in llvm6: - Make sure opt-viewer installed in /usr/bin can find resources from /usr/share/opt-viewer. (bsc#1112730) - Make sure llvm6-polly will not conflict with future llvm7-polly. - Add direct conflict between llvm6-polly-devel and future llvm7-polly-devel to prevent false reports of file conflicts. Changes in jsoncpp: - No change rebuild to get libjsoncpp1 released to SDK 12-SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-473=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-473=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jsoncpp-debugsource-1.6.5-3.2.1 libLTO6-6.0.0-2.3.2 libLTO6-debuginfo-6.0.0-2.3.2 libjsoncpp1-1.6.5-3.2.1 libjsoncpp1-debuginfo-1.6.5-3.2.1 llvm6-6.0.0-2.3.2 llvm6-LTO-devel-6.0.0-2.3.2 llvm6-debuginfo-6.0.0-2.3.2 llvm6-debugsource-6.0.0-2.3.2 llvm6-devel-6.0.0-2.3.2 llvm6-devel-debuginfo-6.0.0-2.3.2 llvm6-gold-6.0.0-2.3.2 llvm6-gold-debuginfo-6.0.0-2.3.2 llvm6-polly-6.0.0-2.3.2 llvm6-polly-debuginfo-6.0.0-2.3.2 llvm6-polly-devel-6.0.0-2.3.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libLLVM6-6.0.0-2.3.2 libLLVM6-debuginfo-6.0.0-2.3.2 llvm6-debuginfo-6.0.0-2.3.2 llvm6-debugsource-6.0.0-2.3.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libLLVM6-32bit-6.0.0-2.3.2 libLLVM6-debuginfo-32bit-6.0.0-2.3.2 
References: https://bugzilla.suse.com/1112730 From sle-updates at lists.suse.com Tue Feb 25 10:13:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 18:13:47 +0100 (CET) Subject: SUSE-SU-2020:0474-1: moderate: Security update for openssl Message-ID: <20200225171347.63B34F798@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0474-1 Rating: moderate References: #1117951 #1158809 #1160163 Cross-References: CVE-2019-1551 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-474=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-474=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-474=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-474=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-474=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-474=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-474=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-474=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-474=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-474=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-474=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE OpenStack Cloud 7 (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 
(noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP2-LTSS 
(s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - SUSE Enterprise Storage 5 (noarch): openssl-doc-1.0.2j-60.60.1 - SUSE Enterprise Storage 5 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 - SUSE CaaS Platform 3.0 (x86_64): libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.60.1 - HPE Helion Openstack 8 (x86_64): libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-1.0.2j-60.60.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 openssl-debuginfo-1.0.2j-60.60.1 openssl-debugsource-1.0.2j-60.60.1 References: https://www.suse.com/security/cve/CVE-2019-1551.html https://bugzilla.suse.com/1117951 
https://bugzilla.suse.com/1158809 https://bugzilla.suse.com/1160163 From sle-updates at lists.suse.com Tue Feb 25 10:14:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 18:14:43 +0100 (CET) Subject: SUSE-RU-2020:0475-1: moderate: Recommended update for systemd Message-ID: <20200225171443.0D5F8F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0475-1 Rating: moderate References: #1160595 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-475=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-475=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.42.1 libsystemd0-mini-debuginfo-234-24.42.1 libudev-mini-devel-234-24.42.1 libudev-mini1-234-24.42.1 libudev-mini1-debuginfo-234-24.42.1 nss-myhostname-234-24.42.1 nss-myhostname-debuginfo-234-24.42.1 nss-mymachines-234-24.42.1 nss-mymachines-debuginfo-234-24.42.1 nss-systemd-234-24.42.1 nss-systemd-debuginfo-234-24.42.1 systemd-debuginfo-234-24.42.1 systemd-debugsource-234-24.42.1 systemd-logger-234-24.42.1 systemd-mini-234-24.42.1 systemd-mini-container-mini-234-24.42.1 systemd-mini-container-mini-debuginfo-234-24.42.1 systemd-mini-coredump-mini-234-24.42.1 systemd-mini-coredump-mini-debuginfo-234-24.42.1 systemd-mini-debuginfo-234-24.42.1 systemd-mini-debugsource-234-24.42.1 systemd-mini-devel-234-24.42.1 systemd-mini-sysvinit-234-24.42.1 udev-mini-234-24.42.1 udev-mini-debuginfo-234-24.42.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libudev-devel-32bit-234-24.42.1 nss-myhostname-32bit-234-24.42.1 nss-myhostname-32bit-debuginfo-234-24.42.1 nss-mymachines-32bit-234-24.42.1 nss-mymachines-32bit-debuginfo-234-24.42.1 systemd-32bit-debuginfo-234-24.42.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): systemd-mini-bash-completion-234-24.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.42.1 libsystemd0-debuginfo-234-24.42.1 libudev-devel-234-24.42.1 libudev1-234-24.42.1 libudev1-debuginfo-234-24.42.1 systemd-234-24.42.1 systemd-container-234-24.42.1 
systemd-container-debuginfo-234-24.42.1 systemd-coredump-234-24.42.1 systemd-coredump-debuginfo-234-24.42.1 systemd-debuginfo-234-24.42.1 systemd-debugsource-234-24.42.1 systemd-devel-234-24.42.1 systemd-sysvinit-234-24.42.1 udev-234-24.42.1 udev-debuginfo-234-24.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.42.1 libsystemd0-32bit-debuginfo-234-24.42.1 libudev1-32bit-234-24.42.1 libudev1-32bit-debuginfo-234-24.42.1 systemd-32bit-234-24.42.1 systemd-32bit-debuginfo-234-24.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.42.1 References: https://bugzilla.suse.com/1160595 From sle-updates at lists.suse.com Tue Feb 25 13:11:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Feb 2020 21:11:22 +0100 (CET) Subject: SUSE-RU-2020:0478-1: Recommended update for release-notes-ha Message-ID: <20200225201122.69A97F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0478-1 Rating: low References: #1122351 #1162885 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-ha fixes the following issues: - Set the correct support cycle (bsc#1162885) - Replaced links that have pointed to a wrong location (bsc#1122351) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-478=1

Package List:

- SUSE Linux Enterprise High Availability 15-SP1 (noarch):
  release-notes-ha-15.1.20200207-8.5.1

References:

https://bugzilla.suse.com/1122351
https://bugzilla.suse.com/1162885

From sle-updates at lists.suse.com Tue Feb 25 13:12:06 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:12:06 +0100 (CET)
Subject: SUSE-RU-2020:0477-1: Recommended update for valgrind
Message-ID: <20200225201206.9ADCBF798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for valgrind
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0477-1
Rating: low
References: #1147071
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for valgrind fixes the following issues:

- Transfer s390 related xml files to main package. (bsc#1147071)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-477=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  valgrind-3.15.0-3.3.1
  valgrind-debuginfo-3.15.0-3.3.1
  valgrind-debugsource-3.15.0-3.3.1
  valgrind-devel-3.15.0-3.3.1

References:

https://bugzilla.suse.com/1147071

From sle-updates at lists.suse.com Tue Feb 25 13:12:45 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:12:45 +0100 (CET)
Subject: SUSE-RU-2020:0483-1: moderate: Recommended update for ndctl
Message-ID: <20200225201245.EF3E1F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ndctl
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0483-1
Rating: moderate
References: #1156308
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ndctl fixes the following issues:

- Fix for init-labels mis-reporting success due to parsing issue of 'ndctl init-labels'. (bsc#1156308, ltc#181441)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-483=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-483=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (ppc64le x86_64):
  ndctl-64.1-3.6.1
  ndctl-debuginfo-64.1-3.6.1
  ndctl-debugsource-64.1-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le x86_64):
  libndctl-devel-64.1-3.6.1
  libndctl6-64.1-3.6.1
  libndctl6-debuginfo-64.1-3.6.1
  ndctl-debuginfo-64.1-3.6.1
  ndctl-debugsource-64.1-3.6.1

References:

https://bugzilla.suse.com/1156308

From sle-updates at lists.suse.com Tue Feb 25 13:13:25 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:13:25 +0100 (CET)
Subject: SUSE-RU-2020:0482-1: moderate: Recommended update for policycoreutils
Message-ID: <20200225201325.C5EF3F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for policycoreutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0482-1
Rating: moderate
References: #1162674
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for policycoreutils fixes the following issues:

- Prevent failures when loading seobject on systems without policies (bsc#1162674)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-482=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-482=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  policycoreutils-debuginfo-2.8-11.6.1
  policycoreutils-debugsource-2.8-11.6.1
  policycoreutils-devel-2.8-11.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  policycoreutils-2.8-11.6.1
  policycoreutils-debuginfo-2.8-11.6.1
  policycoreutils-debugsource-2.8-11.6.1
  policycoreutils-newrole-2.8-11.6.1
  policycoreutils-newrole-debuginfo-2.8-11.6.1
  python3-policycoreutils-2.8-11.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  policycoreutils-lang-2.8-11.6.1

References:

https://bugzilla.suse.com/1162674

From sle-updates at lists.suse.com Tue Feb 25 13:14:06 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:14:06 +0100 (CET)
Subject: SUSE-RU-2020:0485-1: moderate: Recommended update for cpupower
Message-ID: <20200225201406.7B538F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cpupower
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0485-1
Rating: moderate
References: #1117709 #1141729 #1152967
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for cpupower fixes the following issues:

- Fix for aperf/mperf monitoring on latest AMD Rome CPUs and prevent showing wrong CPU information. (bsc#1152967)
- Fix for showing proper frequency information for all available CPUs. (bsc#1141729)
- Fix for listing available CPU governors incompletely. (bsc#1117709)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-485=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-485=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  cpupower-bench-4.19-6.5.1
  cpupower-bench-debuginfo-4.19-6.5.1
  cpupower-debuginfo-4.19-6.5.1
  cpupower-debugsource-4.19-6.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  cpupower-4.19-6.5.1
  cpupower-debuginfo-4.19-6.5.1
  cpupower-debugsource-4.19-6.5.1
  cpupower-devel-4.19-6.5.1
  libcpupower0-4.19-6.5.1
  libcpupower0-debuginfo-4.19-6.5.1

References:

https://bugzilla.suse.com/1117709
https://bugzilla.suse.com/1141729
https://bugzilla.suse.com/1152967

From sle-updates at lists.suse.com Tue Feb 25 13:15:02 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:15:02 +0100 (CET)
Subject: SUSE-RU-2020:0484-1: moderate: Recommended update for migrate-sles-to-sles4sap
Message-ID: <20200225201502.EC1CDF798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for migrate-sles-to-sles4sap
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0484-1
Rating: moderate
References: #1111413 #1112548 #992621
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Enterprise Storage 5
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for migrate-sles-to-sles4sap fixes the following issues:

- Implement migration script for SLES 15 GA. (jsc#ECO-712)
- Removed several unnecessary hardcoded functions and subroutines, due to changes in SUSEConnect. (bsc#1112548)
- Bootloader change isn't necessary anymore as SLES will always be shown in GRUB2 regardless if SLES or SLES for SAP.
- Removed hardcoded version dependencies to make the script version independent. (bsc#1112548)
- Added rollback in case of failed migration.
- Added additional runtime warnings and migration information for user.
- Fix product checking during the upgrade/migration. (bsc#1111413)
- Fixing JeOS and Migrate scripts. (bsc#992621)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-484=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-484=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-484=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-484=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-484=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-484=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-484=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6
- SUSE OpenStack Cloud 8 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6
- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6
- SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6
- SUSE Enterprise Storage 5 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6
- HPE Helion Openstack 8 (noarch):
  migrate-sles-to-sles4sap-12.3.0-4.3.6

References:

https://bugzilla.suse.com/1111413
https://bugzilla.suse.com/1112548
https://bugzilla.suse.com/992621

From sle-updates at lists.suse.com Tue Feb 25 13:15:57 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:15:57 +0100 (CET)
Subject: SUSE-RU-2020:0481-1: moderate: Recommended update for perl-TimeDate
Message-ID: <20200225201557.BF54CF798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for perl-TimeDate
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0481-1
Rating: moderate
References: #1162433
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for perl-TimeDate fixes the following issues:

- Fix for issues parsing date strings into time values correctly. (bsc#1162433)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-481=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  perl-TimeDate-2.30-3.6.1

References:

https://bugzilla.suse.com/1162433

From sle-updates at lists.suse.com Tue Feb 25 13:16:36 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:16:36 +0100 (CET)
Subject: SUSE-RU-2020:0479-1: moderate: Recommended update for lttng-modules
Message-ID: <20200225201636.99DCAF798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lttng-modules
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0479-1
Rating: moderate
References: #1134331 #1134335 #1134344
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for lttng-modules provides the following fixes:

- Update lttng to match kernel-source changes to wakeup kcompactd even if kswapd cannot free more memory.
- Fix general protection fault. (bsc#1134344)
- Fix a migration scenario from RT 12-SP3 to 12-SP4 or 12-SP5. (bsc#1134335)
- Fix a workqueue lockup. (bsc#1134331)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-479=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (x86_64):
  lttng-modules-2.10.9-8.3.13
  lttng-modules-debugsource-2.10.9-8.3.13
  lttng-modules-kmp-default-2.10.9_k4.12.14_122.12-8.3.13
  lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.12-8.3.13

References:

https://bugzilla.suse.com/1134331
https://bugzilla.suse.com/1134335
https://bugzilla.suse.com/1134344

From sle-updates at lists.suse.com Tue Feb 25 13:17:35 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Feb 2020 21:17:35 +0100 (CET)
Subject: SUSE-RU-2020:0480-1: moderate: Recommended update for aaa_base
Message-ID: <20200225201735.C1648F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for aaa_base
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0480-1
Rating: moderate
References: #1160735
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for aaa_base fixes the following issues:

- Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-480=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-480=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-480=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  aaa_base-debuginfo-84.87+git20180409.04c9dae-3.33.1
  aaa_base-debugsource-84.87+git20180409.04c9dae-3.33.1
  aaa_base-wsl-84.87+git20180409.04c9dae-3.33.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  aaa_base-debuginfo-84.87+git20180409.04c9dae-3.33.1
  aaa_base-debugsource-84.87+git20180409.04c9dae-3.33.1
  aaa_base-malloccheck-84.87+git20180409.04c9dae-3.33.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  aaa_base-84.87+git20180409.04c9dae-3.33.1
  aaa_base-debuginfo-84.87+git20180409.04c9dae-3.33.1
  aaa_base-debugsource-84.87+git20180409.04c9dae-3.33.1
  aaa_base-extras-84.87+git20180409.04c9dae-3.33.1

References:

https://bugzilla.suse.com/1160735

From sle-updates at lists.suse.com Wed Feb 26 00:11:36 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 08:11:36 +0100 (CET)
Subject: SUSE-CU-2020:63-1: Recommended update of suse/sle15
Message-ID: <20200226071136.7DA29F798@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:63-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.167
Container Release : 6.2.167
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

From sle-updates at lists.suse.com Wed Feb 26 00:16:43 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 08:16:43 +0100 (CET)
Subject: SUSE-CU-2020:64-1: Recommended update of suse/sles12sp3
Message-ID: <20200226071643.3ED4BF798@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:64-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.112 , suse/sles12sp3:latest
Container Release : 24.112
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

From sle-updates at lists.suse.com Wed Feb 26 00:55:49 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 08:55:49 +0100 (CET)
Subject: SUSE-CU-2020:63-1: Recommended update of suse/sle15
Message-ID: <20200226075549.66BD3F796@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:63-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.167
Container Release : 6.2.167
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

From sle-updates at lists.suse.com Wed Feb 26 01:00:27 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 09:00:27 +0100 (CET)
Subject: SUSE-CU-2020:64-1: Recommended update of suse/sles12sp3
Message-ID: <20200226080027.9E542F796@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:64-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.112 , suse/sles12sp3:latest
Container Release : 24.112
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

From sle-updates at lists.suse.com Wed Feb 26 07:04:58 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 15:04:58 +0100 (CET)
Subject: SUSE-CU-2020:65-1: Recommended update of suse/sle15
Message-ID: <20200226140458.1906DF798@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:65-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.153
Container Release : 4.22.153
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

From sle-updates at lists.suse.com Wed Feb 26 07:12:56 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 15:12:56 +0100 (CET)
Subject: SUSE-SU-2020:0489-1: important: Security update for ppp
Message-ID: <20200226141256.4943FF798@maintenance.suse.de>

SUSE Security Update: Security update for ppp
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0489-1
Rating: important
References: #1162610
Cross-References: CVE-2020-8597
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Desktop Applications 15-SP1
  SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ppp fixes the following security issue:

- CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-489=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-489=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-489=1
- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-489=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  ppp-modem-2.4.7-5.3.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  ppp-modem-2.4.7-5.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  ppp-2.4.7-5.3.1
  ppp-debuginfo-2.4.7-5.3.1
  ppp-debugsource-2.4.7-5.3.1
  ppp-devel-2.4.7-5.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  ppp-2.4.7-5.3.1
  ppp-debuginfo-2.4.7-5.3.1
  ppp-debugsource-2.4.7-5.3.1
  ppp-devel-2.4.7-5.3.1

References:

https://www.suse.com/security/cve/CVE-2020-8597.html
https://bugzilla.suse.com/1162610

From sle-updates at lists.suse.com Wed Feb 26 07:13:42 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 15:13:42 +0100 (CET)
Subject: SUSE-SU-2020:0488-1: important: Security update for nodejs6
Message-ID: <20200226141342.D343FF798@maintenance.suse.de>

SUSE Security Update: Security update for nodejs6
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0488-1
Rating: important
References: #1163102 #1163103 #1163104
Cross-References: CVE-2019-15604 CVE-2019-15605 CVE-2019-15606
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for nodejs6 fixes the following issues:

Security issues fixed:

- CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104).
- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
- CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-488=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-488=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-488=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-488=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  nodejs6-6.17.1-11.33.1
  nodejs6-debuginfo-6.17.1-11.33.1
  nodejs6-debugsource-6.17.1-11.33.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  nodejs6-6.17.1-11.33.1
  nodejs6-debuginfo-6.17.1-11.33.1
  nodejs6-debugsource-6.17.1-11.33.1
- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
  nodejs6-6.17.1-11.33.1
  nodejs6-debuginfo-6.17.1-11.33.1
  nodejs6-debugsource-6.17.1-11.33.1
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  nodejs6-6.17.1-11.33.1
  nodejs6-debuginfo-6.17.1-11.33.1
  nodejs6-debugsource-6.17.1-11.33.1
  nodejs6-devel-6.17.1-11.33.1
  npm6-6.17.1-11.33.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  nodejs6-docs-6.17.1-11.33.1

References:

https://www.suse.com/security/cve/CVE-2019-15604.html
https://www.suse.com/security/cve/CVE-2019-15605.html
https://www.suse.com/security/cve/CVE-2019-15606.html
https://bugzilla.suse.com/1163102
https://bugzilla.suse.com/1163103
https://bugzilla.suse.com/1163104

From sle-updates at lists.suse.com Wed Feb 26 07:14:35 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 15:14:35 +0100 (CET)
Subject: SUSE-SU-2020:0487-1: moderate: Security update for squid
Message-ID: <20200226141435.E8434F798@maintenance.suse.de>

SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0487-1
Rating: moderate
References: #1162687 #1162689 #1162691
Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for squid to version 4.10 fixes the following issues:

Security issues fixed:

- CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689).
- CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
- CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
- CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691).

Non-security issue fixed:

- Improved cache handling with chunked responses.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-487=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  squid-4.10-4.6.1
  squid-debuginfo-4.10-4.6.1
  squid-debugsource-4.10-4.6.1

References:

https://www.suse.com/security/cve/CVE-2019-12528.html
https://www.suse.com/security/cve/CVE-2020-8449.html
https://www.suse.com/security/cve/CVE-2020-8450.html
https://www.suse.com/security/cve/CVE-2020-8517.html
https://bugzilla.suse.com/1162687
https://bugzilla.suse.com/1162689
https://bugzilla.suse.com/1162691

From sle-updates at lists.suse.com Wed Feb 26 07:15:36 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 15:15:36 +0100 (CET)
Subject: SUSE-SU-2020:0490-1: important: Security update for ppp
Message-ID: <20200226141536.54D46F798@maintenance.suse.de>

SUSE Security Update: Security update for ppp
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0490-1
Rating: important
References: #1162610
Cross-References: CVE-2020-8597
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Enterprise Storage 5
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ppp fixes the following security issue:

- CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-490=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-490=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-490=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-490=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-490=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-490=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-490=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-490=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-490=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-490=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-490=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-490=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-490=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-490=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-490=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-490=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-490=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-490=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE OpenStack Cloud 8 (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE OpenStack Cloud 7 (s390x x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
  ppp-devel-2.4.7-4.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
  ppp-devel-2.4.7-4.3.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1
- HPE Helion Openstack 8 (x86_64):
  ppp-2.4.7-4.3.1
  ppp-debuginfo-2.4.7-4.3.1
  ppp-debugsource-2.4.7-4.3.1

References:

https://www.suse.com/security/cve/CVE-2020-8597.html
https://bugzilla.suse.com/1162610

From sle-updates at lists.suse.com Wed Feb 26 07:16:21 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 15:16:21 +0100 (CET)
Subject: SUSE-RU-2020:0486-1: moderate: Recommended update for linuxrc
Message-ID: <20200226141621.40FC0F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for linuxrc
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0486-1
Rating: moderate
References: #1058039 #1163115
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for linuxrc fixes the following issues:

- Move plymouthd start after screen size detection. (bsc#1163115)
  plymouthd is now started after the screen size detection for avoiding race conditions with linuxrc. This is because the screen size detection might potentially interfere with plymouthd as both linuxrc and plymouthd might try to read from the same serial line.
- Iterate through the device list in sorted order. (bsc#1058039)
  When searching for the installation repository, linuxrc iterates through available local or network devices. As the devices were used in the order they appeared in sysfs, it was more or less random.
Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-486=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  linuxrc-6.0.12-3.3.1
  linuxrc-debuginfo-6.0.12-3.3.1
  linuxrc-debugsource-6.0.12-3.3.1

References:

https://bugzilla.suse.com/1058039
https://bugzilla.suse.com/1163115

From sle-updates at lists.suse.com Wed Feb 26 10:12:16 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 18:12:16 +0100 (CET)
Subject: SUSE-RU-2020:0492-1: moderate: Recommended update for yast2-sudo
Message-ID: <20200226171216.7901EF798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-sudo
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0492-1
Rating: moderate
References: #1156929
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-sudo fixes the following issues:

- Prevent truncating the sudoers file after writing the changes. (bsc#1156929)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-492=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
  yast2-sudo-4.0.0.1-3.6.11

References:

https://bugzilla.suse.com/1156929

From sle-updates at lists.suse.com Wed Feb 26 10:12:55 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 18:12:55 +0100 (CET)
Subject: SUSE-SU-2020:0493-1: moderate: Security update for squid
Message-ID: <20200226171255.9D000F798@maintenance.suse.de>

SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0493-1
Rating: moderate
References: #1162687 #1162689 #1162691
Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP1
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for squid to version 4.10 fixes the following issues:

Security issues fixed:

- CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689).
- CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
- CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
- CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691).

Non-security issue fixed:

- Improved cache handling with chunked responses.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-493=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  squid-4.10-5.14.1
  squid-debuginfo-4.10-5.14.1
  squid-debugsource-4.10-5.14.1

References:

https://www.suse.com/security/cve/CVE-2019-12528.html
https://www.suse.com/security/cve/CVE-2020-8449.html
https://www.suse.com/security/cve/CVE-2020-8450.html
https://www.suse.com/security/cve/CVE-2020-8517.html
https://bugzilla.suse.com/1162687
https://bugzilla.suse.com/1162689
https://bugzilla.suse.com/1162691

From sle-updates at lists.suse.com Wed Feb 26 10:13:47 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 18:13:47 +0100 (CET)
Subject: SUSE-RU-2020:0494-1: moderate: Recommended update for ldb
Message-ID: <20200226171347.85EF9F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ldb
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0494-1
Rating: moderate
References: #1162481
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for ldb fixes the following issues:

- Adjust 'LDB_MODULES_PATH' to reduce confusing informational messages in 'make test' output. (bsc#1162481)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-494=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-494=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  ldb-debugsource-1.1.29-3.8.1
  libldb-devel-1.1.29-3.8.1
  python-ldb-1.1.29-3.8.1
  python-ldb-debuginfo-1.1.29-3.8.1
  python-ldb-devel-1.1.29-3.8.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  ldb-debugsource-1.1.29-3.8.1
  ldb-tools-1.1.29-3.8.1
  ldb-tools-debuginfo-1.1.29-3.8.1
  libldb1-1.1.29-3.8.1
  libldb1-debuginfo-1.1.29-3.8.1
- SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
  libldb1-32bit-1.1.29-3.8.1
  libldb1-debuginfo-32bit-1.1.29-3.8.1

References:

https://bugzilla.suse.com/1162481

From sle-updates at lists.suse.com Wed Feb 26 13:11:31 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 21:11:31 +0100 (CET)
Subject: SUSE-SU-2020:0495-1: moderate: Security update for ovmf
Message-ID: <20200226201131.032F2F798@maintenance.suse.de>

SUSE Security Update: Security update for ovmf
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0495-1
Rating: moderate
References: #1077330 #1094291 #1163927 #1163959 #1163969
Cross-References: CVE-2018-0739 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.
Description:

This update for ovmf fixes the following issues:

Security issues fixed:

- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291).
- CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959).
- CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927).
- CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).

Bug fixes:

- Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide better compatibility. (bsc#1077330)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-495=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-495=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-495=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-495=1

Package List:

- SUSE OpenStack Cloud 7 (x86_64):
  ovmf-2015+git1462940744.321151f-19.10.3
  ovmf-tools-2015+git1462940744.321151f-19.10.3
- SUSE OpenStack Cloud 7 (noarch):
  qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3
- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  ovmf-2015+git1462940744.321151f-19.10.3
  ovmf-tools-2015+git1462940744.321151f-19.10.3
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
  qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  ovmf-2015+git1462940744.321151f-19.10.3
  ovmf-tools-2015+git1462940744.321151f-19.10.3
- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
  qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  ovmf-2015+git1462940744.321151f-19.10.3
  ovmf-tools-2015+git1462940744.321151f-19.10.3
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
  qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3

References:

https://www.suse.com/security/cve/CVE-2018-0739.html
https://www.suse.com/security/cve/CVE-2019-14559.html
https://www.suse.com/security/cve/CVE-2019-14563.html
https://www.suse.com/security/cve/CVE-2019-14575.html
https://bugzilla.suse.com/1077330
https://bugzilla.suse.com/1094291
https://bugzilla.suse.com/1163927
https://bugzilla.suse.com/1163959
https://bugzilla.suse.com/1163969

From sle-updates at lists.suse.com Wed Feb 26 13:12:37 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Feb 2020 21:12:37 +0100 (CET)
Subject: SUSE-RU-2020:0498-1: moderate: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized
Message-ID: <20200226201238.00923F798@maintenance.suse.de>

SUSE Recommended Update: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0498-1
Rating: moderate
References: #1122669 #1136184 #1146853 #1146854 #1159018
Affected Products:
  SUSE Linux Enterprise Module for Python2 15-SP1
  SUSE Linux Enterprise Module for Public Cloud 15-SP1
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.
Description:

This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues:

python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507):

Upgrade to 1.11.0:
* Add ReservedConcurrentExecutions to globals
* Fix ElasticsearchHttpPostPolicy resource reference
* Support using AWS::Region in Ref and Sub
* Documentation and examples updates
* Add VersionDescription property to Serverless::Function
* Update ServerlessRepoReadWriteAccessPolicy
* Add additional template validation

Upgrade to 1.10.0:
* Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy
* Add DynamoDBReconfigurePolicy
* Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy
* Add EKSDescribePolicy
* Add SESBulkTemplatedCrudPolicy
* Add FilterLogEventsPolicy
* Add SSMParameterReadPolicy
* Add SESEmailTemplateCrudPolicy
* Add s3:PutObjectAcl to S3CrudPolicy
* Add allow_credentials CORS option
* Add support for AccessLogSetting and CanarySetting Serverless::Api properties
* Add support for X-Ray in Serverless::Api
* Add support for MinimumCompressionSize in Serverless::Api
* Add Auth to Serverless::Api globals
* Remove trailing slashes from APIGW permissions
* Add SNS FilterPolicy and an example application
* Add Enabled property to Serverless::Function event sources
* Add support for PermissionsBoundary in Serverless::Function
* Fix boto3 client initialization
* Add PublicAccessBlockConfiguration property to S3 bucket resource
* Make PAY_PER_REQUEST default mode for Serverless::SimpleTable
* Add limited support for resolving intrinsics in Serverless::LayerVersion
* SAM now uses Flake8
* Add example application for S3 Events written in Go
* Updated several example applications

python-cfn-lint was added in version 0.21.4:

- Add upstream patch to fix EOL dates for lambda runtimes
- Add upstream patch to fix test_config_expand_paths test
- Rename to python-cfn-lint.
  This package has a python API, which is required by python-moto.

Update to version 0.21.4:
+ Features
  * Include more resource types in W3037
+ CloudFormation Specifications
  * Add Resource Type `AWS::CDK::Metadata`
+ Fixes
  * Uncap requests dependency in setup.py
  * Check Join functions have lists in the correct sections
  * Pass a parameter value for AutoPublishAlias when doing a Transform
  * Show usage examples when displaying the help

Update to version 0.21.3
+ Fixes
  * Support dumping strings for datetime objects when doing a Transform

Update to version 0.21.2
+ CloudFormation Specifications
  * Update CloudFormation specs to 3.3.0
  * Update instance types from pricing API as of 2019.05.23

Update to version 0.21.1
+ Features
  * Add `Info` logging capability and set the default logging to `NotSet`
+ Fixes
  * Only do rule logging (start/stop/time) when the rule is going to be called
  * Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub`
  * Update rule W2001 to not break when `Fn::Transform` inside a `Fn::Sub`
  * Update rule E2503 to allow conditions to be used and to not default to `network` load balancer when an object is used for the Load Balancer type

Update to version 0.21.0
+ Features
  * New rule E3038 to check if a Serverless resource includes the appropriate Transform
  * New rule E2531 to validate a Lambda's runtime against the deprecated dates
  * New rule W2531 to validate a Lambda's runtime against the EOL dates
  * Update rule E2541 to include updates to Code Pipeline capabilities
  * Update rule E2503 to include checking of values for load balancer attributes
+ CloudFormation Specifications
  * Update CloudFormation specs to 3.2.0
  * Update instance types from pricing API as of 2019.05.20
+ Fixes
  * Include setuptools in setup.py requires

Update to version 0.20.3
+ CloudFormation Specifications
  * Update instance types from pricing API as of 2019.05.16
+ Fixes
  * Update E7001 to allow float/doubles for mapping values
  * Update W1020 to check pre-transformed Fn::Sub(s) to
    determine if a Sub is needed
  * Pin requests to be below or equal to 2.21.0 to prevent issues with botocore

Update to version 0.20.2
+ Features
  * Add support for List Parameter types
+ CloudFormation Specifications
  * Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet
  * Create new property type for Security Group IDs or Names
  * Add new Lambda runtime environment for NodeJs 10.x
  * Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive
  * Update Glue Crawler Role to take an ARN or a name
  * Remove PrimitiveType from MaintenanceWindowTarget Targets
  * Add Min/Max values for Load Balancer Ports to be between 1-65535
+ Fixes
  * Include License file in the pypi package to help with downstream projects
  * Filter out dynamic references from rule E3031 and E3030
  * Convert Python linting and Code Coverage from Python 3.6 to 3.7

Update to version 0.20.1
+ Fixes
  * Update rule E8003 to support more functions inside a Fn::Equals

Update to version 0.20.0
+ Features
  * Allow a rule's exception to be defined in a resource's metadata
  * Add rule configuration capabilities
  * Update rule E3012 to allow for non strict property checking
  * Add rule E8003 to test Fn::Equals structure and syntax
  * Add rule E8004 to test Fn::And structure and syntax
  * Add rule E8005 to test Fn::Not structure and syntax
  * Add rule E8006 to test Fn::Or structure and syntax
  * Include Path to error in the JSON output
  * Update documentation to describe how to install cfn-lint from brew
+ CloudFormation Specifications
  * Update CloudFormation specs to version 3.0.0
  * Add new region ap-east-1
  * Add list min/max and string min/max for CloudWatch Alarm Actions
  * Add allowed values for EC2::LaunchTemplate
  * Add allowed values for EC2::Host
  * Update allowed values for Amazon MQ to include 5.15.9
  * Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions
  * Add AWS::EC2::VPCEndpointService to all regions
  * Update AWS::ECS::TaskDefinition ExecutionRoleArn to be
    an IAM Role ARN
  * Patch spec files for SSM MaintenanceWindow to look for Target and not Targets
  * Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit.
+ Fixes
  * Fix rule E3033 to check the string size when the string is inside a list
  * Fix an issue in which AWS::NotificationARNs was not a list
  * Add AWS::EC2::Volume to rule W3010
  * Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger
  * Fix rule W3010 to not error when the availability zone is 'all'

Update to version 0.19.1
+ Fixes
  * Fix core Condition processing to support direct Condition in another Condition
  * Fix the W2030 to check numbers against string allowed values

Update to version 0.19.0
+ Features
  * Add NS and PTR Route53 record checking to rule E3020
  * New rule E3050 to check if a Ref to IAM Role has a Role path of '/'
  * New rule E3037 to look for duplicates in a list that doesn't support duplicates
  * New rule I3037 to look for duplicates in a list when duplicates are allowed
+ CloudFormation Specifications
  * Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds
  * Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument
  * Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl NetworkInterface, PlacementGroup, and Volume
  * Add Min/max values to AWS::Budgets::Budget.Notification Threshold
  * Update RDS Instance types by database engine and license definitions using the pricing API
  * Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN
  * Update AWS::ECS::Service Role to support Role Name or ARN
+ Fixes
  * Update E3025 to support the new structure of data in the RDS instance type json
  * Update E2540 to remove all nested conditions from the object
  * Update E3030 to not do strict type checking
  * Update E3020 to support conditions nested in the record sets
  * Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats
Update to version 0.18.1
+ CloudFormation Specifications
  * Update CloudFormation Specs to 2.30.0
  * Fix IAM Regex Path to support more character types
  * Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an InstanceProfile or GetAtt the InstanceProfile Arn
  * Allow VPC IDs to Ref a Parameter of type String
+ Fixes
  * Fix E3502 to check the size of the property instead of the parent object

Update to version 0.18.0
+ Features
  * New rule E3032 to check the size of lists
  * New rule E3502 to check JSON Object Size using definitions in the spec file
  * New rule E3033 to test the minimum and maximum length of a string
  * New rule E3034 to validate the min and max of a number
  * Remove Ebs Iops check from E2504 and use rule E3034 instead
  * Remove rule E2509 and use rule E3033 instead
  * Remove rule E2508 as it is replaced by E3032 and E3502
  * Update rule E2503 to check that there are at least two Subnets or SubnetMappings for ALBs
  * SAM requirement upped to minimal version of 1.10.0
+ CloudFormation Specifications
  * Extend specs to include:
    > `ListMin` and `ListMax` for the minimum and maximum size of a list
    > `JsonMax` to check the max size of a JSON Object
    > `StringMin` and `StringMax` to check the minimum and maximum length of a String
    > `NumberMin` and `NumberMax` to check the minimum and maximum value of a Number, Float, Long
  * Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy
  * Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance
  * Add AllowedValues for the AWS::GuardDuty Resources
  * Add AllowedValues for AWS::EC2 VPC and VPN Resources
  * Switch IAM Instance Profiles for certain resources to the type that only takes the name
  * Add regex pattern for IAM Instance Profile when a name (not Arn) is used
  * Add regex pattern for IAM Paths
  * Add Regex pattern for IAM Role Arn
  * Update OnlyOne spec to require at least one of Subnets or SubnetMappings with ELB v2
+ Fixes
  * Fix serverless
    transform to use DefinitionBody when Auth is in the API definition
  * Fix rule W2030 to not error when checking SSM or List Parameters

Update to version 0.17.1
+ Features
  * Update rule E2503 to make sure NLBs don't have a Security Group configured
+ CloudFormation Specifications
  * Add all the allowed values of the `AWS::Glue` Resources
  * Update OnlyOne check for `AWS::CloudWatch::Alarm` to only `MetricName` or `Metrics`
  * Update Exclusive check for `AWS::CloudWatch::Alarm` for properties mixed with `Metrics` and `Statistic`
  * Update CloudFormation specs to 2.29.0
  * Fix type with MariaDB in the AllowedValues
  * Update pricing information for data available on 2018.3.29
+ Fixes
  * Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies
  * Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex `[0-9A-Za-z_-]+`
  * Fix rule E2532 to allow for `Parameters` inside a `Pass` action
  * Fix an issue when getting the location of an error in which numbers are causing an attribute error

Update to version 0.17.0
+ Features
  * Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters. Status: Released
  * Add new rule W3037 to validate IAM resource policies.
    Status: Experimental
  * Add new parameter `-e/--include-experimental` to allow for new rules that aren't ready to be fully released
+ CloudFormation Specifications
  * Update Spec files to 2.28.0
  * Add all the allowed values of the AWS::Redshift::* Resources
  * Add all the allowed values of the AWS::Neptune::* Resources
  * Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required
  * Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required
+ Fixes
  * Remove extra blank lines when there are no errors in the output
  * Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition
  * Update rule E1029 to allow for literals in a Sub
  * Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check
  * Correct typos for errors in rule W1001
  * Switch from parsing a template as Yaml to Json when finding an escape character
  * Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers
  * Fix an issue with rule E2541 when non strings were used for Stage Names

Update to version 0.16.0
+ Features
  * Add rule E3031 to look for regex patterns based on the patched spec file
  * Remove regex checks from rule E2509
  * Add parameter `ignore-templates` to allow the ignoring of templates when doing bulk linting
+ CloudFormation Specifications
  * Update Spec files to 2.26.0
  * Add all the allowed values of the AWS::DirectoryService::* Resources
  * Add all the allowed values of the AWS::DynamoDB::* Resources
  * Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2
  * Patch the spec file with regex patterns
  * Add all the allowed values of the AWS::DocDb::* Resources
+ Fixes
  * Update rule E2504 to have '20000' as the max value
  * Update rule E1016 to not allow ImportValue inside of Conditions
  * Update rule E2508 to check conditions when providing limit checks on managed policies
  * Convert unicode to strings when in Py 3.4/3.5 and
    updating specs
  * Convert from `awslabs` to `aws-cloudformation` organization
  * Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with samtranslator 1.10.0

Update to version 0.15.0
+ Features
  * Add scaffolding for arbitrary Match attributes, adding attributes for Type checks
  * Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST
+ CloudFormation Specifications
  * Update Spec files to 2.24.0
  * Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName
  * Add all the allowed values of the AWS::CloudFront::* Resources
  * Add all the allowed values of the AWS::DAX::* Resources
+ Fixes
  * Update config parsing to use the builtin Yaml decoder
  * Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules
  * Update rule E1029 to better check Resource strings inside IAM Policies
  * Improve the line/column information of a Match with array support

Update to version 0.14.1
+ CloudFormation Specifications
  * Update CloudFormation Specs to version 2.23.0
  * Add allowed values for AWS::Config::* resources
  * Add allowed values for AWS::ServiceDiscovery::* resources
  * Fix allowed values for Apache MQ
+ Fixes
  * Update rule E3008 to not error when using a list from a custom resource
  * Support simple types in the CloudFormation spec
  * Add tests for the formatters

Update to version 0.14.0
+ Features
  * Add rule E3035 to check the values of DeletionPolicy
  * Add rule E3036 to check the values of UpdateReplacePolicy
  * Add rule E2014 to check that there are no REFs in the Parameter section
  * Update rule E2503 to support TLS on NLBs
+ CloudFormation Specifications
  * Update CloudFormation spec to version 2.22.0
  * Add allowed values for AWS::Cognito::* resources
+ Fixes
  * Update rule E3002 to allow GetAtts to Custom Resources under a Condition

Update to version 0.13.2
+ Features
  * Introducing the cfn-lint logo!
  * Update SAM dependency version
+ Fixes
  * Fix CloudWatchAlarmComparisonOperator allowed values.
  * Fix typo resoruce_type_spec in several files
  * Better support for nested And, Or, and Not when processing Conditions

Update to version 0.13.1
+ CloudFormation Specifications
  * Add allowed values for AWS::CloudTrail::Trail resources
  * Patch spec to have AWS::CodePipeline::CustomActionType Version included
+ Fixes
  * Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified

Update to version 0.13.0
+ Features
  * New rule W1011 to check if a FindInMap is using the correct map name and keys
  * New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used
  * Removed logic in E1011 and moved it to W1011 for validating keys
  * Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne
  * Update rule E2505 to check the netmask bit
  * Include the ability to update the CloudFormation Specs using the Pricing API
+ CloudFormation Specifications
  * Update to version 2.21.0
  * Add allowed values for AWS::Budgets::Budget
  * Add allowed values for AWS::CertificateManager resources
  * Add allowed values for AWS::CodePipeline resources
  * Add allowed values for AWS::CodeCommit resources
  * Add allowed values for EC2 InstanceTypes from pricing API
  * Add allowed values for RedShift InstanceTypes from pricing API
  * Add allowed values for MQ InstanceTypes from pricing API
  * Add allowed values for RDS InstanceTypes from pricing API
+ Fixes
  * Fixed README indentation issue with .pre-commit-config.yaml
  * Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task
  * Fixed rule E3020 to allow for a period or no period at the end of an ACM registration record
  * Update rule E3001 to support UpdateReplacePolicy
  * Fix a cli issue where `--template` wouldn't be used when a .cfnlintrc was in the same folder
  * Update rule E3002 and E1024 to support packaging of
    AWS::Lambda::LayerVersion content

- Initial build
  + Version 0.12.1

Update to 0.9.1
* the prof plugin now uses cProfile instead of hotshot for profiling
* skipped tests now include the user's reason in junit XML's message field
* the prettyassert plugin mishandled multi-line function definitions
* Using a plugin's CLI flag when the plugin is already enabled via config no longer errors
* nose2.plugins.prettyassert, enabled with --pretty-assert
* Cleanup code for EOLed python versions
* Dropped support for distutils.
* Result reporter respects failure status set by other plugins
* JUnit XML plugin now includes the skip reason in its output

Upgrade to 0.8.0:
- List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0

Update to 0.7.0:
* Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!)
* Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67)
* Make sure that `setUp` and `tearDown` methods work correctly (#40)
* Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48)
* Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49)

aws-cli was updated to version 1.16.223:

For detailed changes see the changes entries:
https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst

python-boto3 was updated to 1.9.213, python-botocore was updated to 1.9.188, and python-s3transfer was updated to
1.12.74, fixing lots of bugs and adding features (bsc#1146853, bsc#1146854) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-498=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-498=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-498=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-498=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-498=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-PyYAML-debuginfo-5.1.2-6.3.7 python-PyYAML-debugsource-5.1.2-6.3.7 python2-PyYAML-5.1.2-6.3.7 python2-PyYAML-debuginfo-5.1.2-6.3.7 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-cli-1.16.223-8.3.3 azure-cli-core-2.0.45-6.3.3 azure-cli-interactive-0.3.28-6.3.3 cfn-lint-0.21.4-3.3.9 python3-aws-sam-translator-1.11.0-4.3.8 python3-cfn-lint-0.21.4-3.3.9 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-boto3-1.9.213-7.3.4 python2-botocore-1.12.213-7.3.4 python2-s3transfer-0.2.1-6.3.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python2-boto3-1.9.213-7.3.4 python2-botocore-1.12.213-7.3.4 python2-s3transfer-0.2.1-6.3.5 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python-PyYAML-debuginfo-5.1.2-6.3.7 python-PyYAML-debugsource-5.1.2-6.3.7 python3-PyYAML-5.1.2-6.3.7 python3-PyYAML-debuginfo-5.1.2-6.3.7 - SUSE Linux 
Enterprise Module for Basesystem 15-SP1 (noarch): python3-boto3-1.9.213-7.3.4 python3-botocore-1.12.213-7.3.4 python3-s3transfer-0.2.1-6.3.5 References: https://bugzilla.suse.com/1122669 https://bugzilla.suse.com/1136184 https://bugzilla.suse.com/1146853 https://bugzilla.suse.com/1146854 https://bugzilla.suse.com/1159018 From sle-updates at lists.suse.com Wed Feb 26 13:13:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Feb 2020 21:13:51 +0100 (CET) Subject: SUSE-SU-2020:0497-1: moderate: Security update for python3 Message-ID: <20200226201351.DF8AFF798@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0497-1 Rating: moderate References: #1068664 #1159208 #1159623 Cross-References: CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (bsc#1068664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-497=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-497=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-497=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-497=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-497=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-497=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-497=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-497=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-497=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-497=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-497=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-497=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-497=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-497=1 - SUSE Linux
Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-497=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-497=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-497=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-497=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-497=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-dbm-3.4.10-25.39.3 python3-dbm-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 python3-devel-3.4.10-25.39.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le 
s390x x86_64): python3-devel-debuginfo-3.4.10-25.39.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-dbm-3.4.10-25.39.3 python3-dbm-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 python3-devel-3.4.10-25.39.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.39.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 
python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 python3-tk-3.4.10-25.39.3 python3-tk-debuginfo-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.39.2 python3-base-debuginfo-32bit-3.4.10-25.39.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 
python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - SUSE Enterprise Storage 5 (aarch64 x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 - HPE Helion Openstack 8 
(x86_64): libpython3_4m1_0-3.4.10-25.39.2 libpython3_4m1_0-debuginfo-3.4.10-25.39.2 python3-3.4.10-25.39.3 python3-base-3.4.10-25.39.2 python3-base-debuginfo-3.4.10-25.39.2 python3-base-debugsource-3.4.10-25.39.2 python3-curses-3.4.10-25.39.3 python3-curses-debuginfo-3.4.10-25.39.3 python3-debuginfo-3.4.10-25.39.3 python3-debugsource-3.4.10-25.39.3 References: https://www.suse.com/security/cve/CVE-2012-0876.html https://www.suse.com/security/cve/CVE-2016-0718.html https://www.suse.com/security/cve/CVE-2016-4472.html https://www.suse.com/security/cve/CVE-2016-9063.html https://www.suse.com/security/cve/CVE-2017-1000158.html https://www.suse.com/security/cve/CVE-2017-9233.html https://bugzilla.suse.com/1068664 https://bugzilla.suse.com/1159208 https://bugzilla.suse.com/1159623 From sle-updates at lists.suse.com Wed Feb 26 13:14:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Feb 2020 21:14:50 +0100 (CET) Subject: SUSE-SU-2020:0496-1: moderate: Security update for mariadb Message-ID: <20200226201450.BB500F798@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0496-1 Rating: moderate References: #1160878 #1160883 #1160895 #1160912 #1162388 Cross-References: CVE-2019-18901 CVE-2020-2574 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for mariadb fixes the following issues: MariaDB was updated to version 10.2.31 GA (bsc#1162388). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). 
- CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). - Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-496=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-496=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.31-3.26.1 libmysqld19-10.2.31-3.26.1 libmysqld19-debuginfo-10.2.31-3.26.1 mariadb-10.2.31-3.26.1 mariadb-client-10.2.31-3.26.1 mariadb-client-debuginfo-10.2.31-3.26.1 mariadb-debuginfo-10.2.31-3.26.1 mariadb-debugsource-10.2.31-3.26.1 mariadb-tools-10.2.31-3.26.1 mariadb-tools-debuginfo-10.2.31-3.26.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): mariadb-errormessages-10.2.31-3.26.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.31-3.26.1 mariadb-bench-debuginfo-10.2.31-3.26.1 mariadb-debuginfo-10.2.31-3.26.1 mariadb-debugsource-10.2.31-3.26.1 mariadb-galera-10.2.31-3.26.1 mariadb-test-10.2.31-3.26.1 mariadb-test-debuginfo-10.2.31-3.26.1 References: https://www.suse.com/security/cve/CVE-2019-18901.html https://www.suse.com/security/cve/CVE-2020-2574.html https://bugzilla.suse.com/1160878 https://bugzilla.suse.com/1160883 https://bugzilla.suse.com/1160895 https://bugzilla.suse.com/1160912 https://bugzilla.suse.com/1162388 From sle-updates at lists.suse.com Wed Feb 26 16:11:15 2020 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 27 Feb 2020 00:11:15 +0100 (CET) Subject: SUSE-RU-2020:0499-1: moderate: Recommended update for s390-tools Message-ID: <20200226231115.38ADEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0499-1 Rating: moderate References: #1159926 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Fix to prevent a coredump occurred by running 'lsqeth' on a KVM guest that is connected to an openswitch bridge. (bsc#1159926) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-499=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.6.2 osasnmpd-debuginfo-2.1.0-18.6.2 s390-tools-2.1.0-18.6.2 s390-tools-debuginfo-2.1.0-18.6.2 s390-tools-debugsource-2.1.0-18.6.2 s390-tools-hmcdrvfs-2.1.0-18.6.2 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.6.2 s390-tools-zdsfs-2.1.0-18.6.2 s390-tools-zdsfs-debuginfo-2.1.0-18.6.2 References: https://bugzilla.suse.com/1159926 From sle-updates at lists.suse.com Wed Feb 26 16:11:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 00:11:54 +0100 (CET) Subject: SUSE-RU-2020:0500-1: important: Recommended update for xorg-x11-server Message-ID: <20200226231154.B4B1EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0500-1
Rating: important References: #1164409 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-server fixes the following issues: - Fixes a regression that caused a crash of X11 when moving windows too fast (bsc#1164409) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-500=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-500=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.3.1 xorg-x11-server-debugsource-1.19.6-10.3.1 xorg-x11-server-sdk-1.19.6-10.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.3.1 xorg-x11-server-debuginfo-1.19.6-10.3.1 xorg-x11-server-debugsource-1.19.6-10.3.1 xorg-x11-server-extra-1.19.6-10.3.1 xorg-x11-server-extra-debuginfo-1.19.6-10.3.1 References: https://bugzilla.suse.com/1164409 From sle-updates at lists.suse.com Wed Feb 26 16:12:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 00:12:34 +0100 (CET) Subject: SUSE-RU-2020:14293-1: moderate: Recommended update for POS_Image3 Message-ID: <20200226231234.5576FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for POS_Image3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14293-1 Rating: moderate References: #1135915 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for POS_Image3 fixes the following issues: - Fix for LDAP validation of partition type. (bsc#1135915) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-POS_Image3-14293=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): POS_Migration-3.5.7-24.8.1 POS_Server-Admin3-3.5.7-24.8.1 POS_Server-AdminGUI-3.5.7-24.8.1 POS_Server-AdminTools3-3.5.7-24.8.1 POS_Server-BranchTools3-3.5.7-24.8.1 POS_Server-Modules3-3.5.7-24.8.1 POS_Server3-3.5.7-24.8.1 admind-1.9-24.8.1 admind-client-1.9-24.8.1 posbios-1.0-24.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): POS_Image-Minimal3-3.4.0-24.8.1 POS_Image-Netboot-hooks-3.4.0-24.8.1 POS_Image-Tools-3.4.0-24.8.1 POS_Image3-3.5.7-24.8.1 References: https://bugzilla.suse.com/1135915 From sle-updates at lists.suse.com Wed Feb 26 16:13:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 00:13:14 +0100 (CET) Subject: SUSE-RU-2020:0503-1: moderate: Recommended update for zypper-migration-plugin Message-ID: <20200226231314.833AEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0503-1 Rating: moderate References: #1100137 #1107238 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for zypper-migration-plugin fixes the following issues: - Check if snapper is configured. (jsc#SLE-7752) - Fix for returning non-zero exit code if there are possible migrations, but none is mirrored on registration server. (bsc#1107238) - Check for closed stdin in salt by transactional-update. (bsc#1100137) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-503=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): zypper-migration-plugin-0.12.1580220831.7102be8-6.4.1 References: https://bugzilla.suse.com/1100137 https://bugzilla.suse.com/1107238 From sle-updates at lists.suse.com Wed Feb 26 16:14:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 00:14:02 +0100 (CET) Subject: SUSE-RU-2020:0502-1: moderate: Recommended update for POS_Image3 Message-ID: <20200226231402.41E3BF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for POS_Image3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0502-1 Rating: moderate References: #1134345 Affected Products: SUSE Linux Enterprise Point of Sale 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for POS_Image3 fixes the following issues: - Modernize the POS Net Hooks package to allow for the deployment to, partitioning of, imaging of, and bootloader configuration of, modern UEFI / GPT devices. (bsc#1134345) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2020-502=1 Package List: - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): POS_Image-Netboot-hooks-3.4.0-6.9.1 POS_Image-Tools-3.4.0-6.9.1 POS_Image3-3.7.1-6.9.1 References: https://bugzilla.suse.com/1134345 From sle-updates at lists.suse.com Thu Feb 27 07:13:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:13:19 +0100 (CET) Subject: SUSE-RU-2020:0509-1: moderate: Recommended update for openvswitch Message-ID: <20200227141319.CABC9F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0509-1 Rating: moderate References: #1143869 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This updates openvswitch to version 2.11.1 to align with SLES 12 SP5 and SLES 15 SP1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2020-509=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-509=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-509=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.1-6.25.34 libopenvswitch-2_11-0-debuginfo-2.11.1-6.25.34 openvswitch-2.11.1-6.25.34 openvswitch-debuginfo-2.11.1-6.25.34 openvswitch-debugsource-2.11.1-6.25.34 openvswitch-devel-2.11.1-6.25.34 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.1-6.25.34 libopenvswitch-2_11-0-debuginfo-2.11.1-6.25.34 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.11.1-6.25.34 openvswitch-debugsource-2.11.1-6.25.34 openvswitch-ovn-central-2.11.1-6.25.34 openvswitch-ovn-central-debuginfo-2.11.1-6.25.34 openvswitch-ovn-common-2.11.1-6.25.34 openvswitch-ovn-common-debuginfo-2.11.1-6.25.34 openvswitch-ovn-docker-2.11.1-6.25.34 openvswitch-ovn-host-2.11.1-6.25.34 openvswitch-ovn-host-debuginfo-2.11.1-6.25.34 openvswitch-ovn-vtep-2.11.1-6.25.34 openvswitch-ovn-vtep-debuginfo-2.11.1-6.25.34 openvswitch-pki-2.11.1-6.25.34 openvswitch-test-2.11.1-6.25.34 openvswitch-test-debuginfo-2.11.1-6.25.34 openvswitch-vtep-2.11.1-6.25.34 openvswitch-vtep-debuginfo-2.11.1-6.25.34 python2-ovs-2.11.1-6.25.34 python2-ovs-debuginfo-2.11.1-6.25.34 python3-ovs-2.11.1-6.25.34 python3-ovs-debuginfo-2.11.1-6.25.34 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openvswitch-doc-2.11.1-6.25.34 
References: https://bugzilla.suse.com/1143869 From sle-updates at lists.suse.com Thu Feb 27 07:14:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:14:08 +0100 (CET) Subject: SUSE-SU-2020:14294-1: moderate: Security update for libexif Message-ID: <20200227141408.9A006F798@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14294-1 Rating: moderate References: #1120943 #1160770 Cross-References: CVE-2018-20030 CVE-2019-9278 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libexif-14294=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libexif-14294=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libexif-14294=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libexif-14294=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libexif-0.6.17-2.14.7.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libexif-32bit-0.6.17-2.14.7.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libexif-0.6.17-2.14.7.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libexif-debuginfo-0.6.17-2.14.7.2 libexif-debugsource-0.6.17-2.14.7.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libexif-debuginfo-32bit-0.6.17-2.14.7.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libexif-debuginfo-0.6.17-2.14.7.2 libexif-debugsource-0.6.17-2.14.7.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): libexif-debuginfo-32bit-0.6.17-2.14.7.2 References: https://www.suse.com/security/cve/CVE-2018-20030.html https://www.suse.com/security/cve/CVE-2019-9278.html https://bugzilla.suse.com/1120943 https://bugzilla.suse.com/1160770 From sle-updates at lists.suse.com Thu Feb 27 07:14:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:14:58 +0100 (CET) Subject: SUSE-RU-2020:0508-1: moderate: Recommended update for autofs Message-ID: <20200227141458.9512FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0508-1 Rating: moderate References: #1140145 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE CaaS Platform 3.0 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autofs fixes the following issues: - Perform bind mounts of nested automounts of local filesystems by default (bsc#1140145): Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-508=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): autofs-5.0.9-28.15.1 autofs-debuginfo-5.0.9-28.15.1 autofs-debugsource-5.0.9-28.15.1 - SUSE CaaS Platform 3.0 (x86_64): autofs-5.0.9-28.15.1 autofs-debuginfo-5.0.9-28.15.1 autofs-debugsource-5.0.9-28.15.1 References: https://bugzilla.suse.com/1140145 From sle-updates at lists.suse.com Thu Feb 27 07:15:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:15:41 +0100 (CET) Subject: SUSE-RU-2020:0506-1: moderate: Recommended update for autofs Message-ID: <20200227141541.75C5FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0506-1 Rating: moderate References: #1140145 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for autofs fixes the following issues: - Fix issue using nested automount of local filesystems and preventing hanging sessions. (bsc#1140145) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-506=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-3.3.1 autofs-debuginfo-5.1.3-3.3.1 autofs-debugsource-5.1.3-3.3.1 References: https://bugzilla.suse.com/1140145 From sle-updates at lists.suse.com Thu Feb 27 07:16:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:16:22 +0100 (CET) Subject: SUSE-RU-2020:0507-1: moderate: Recommended update for nfs-ganesha Message-ID: <20200227141622.5C86CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-ganesha ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0507-1 Rating: moderate References: #1069819 #1084909 #1131944 #1134302 #1160379 #1161330 #1161793 #1161800 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for nfs-ganesha fixes the following issues: - Update nfs-ganesha for SES5 to 2.8.3 as 2.5.x is out of support. (jsc#SES-1478) - Update to 2.8.x to avoid segfault issues reported in 2.5.6. (bsc#1160379, bsc#1161800, bsc#1131944) - Fix for count of connections that caused issues during mount from export. (bsc#1130725) - Fix for nfs-ganesha when it fails to be updated configuration from rados pool. (bsc#1161793) - Fix for systemd removing an inline comment that fails the systemd to load properly. 
(bsc#1161330) - FSAL_CEPH: use a unique uuid string per export (bsc#1134302) - Fix for build errors with the depending packages. (bsc#1084909) - Add build requirement 'libnsl-devel'. (bsc#1069819) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-507=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): libganesha_nfsd-devel-2.8.3+git0.d504d374e-4.12.1 libganesha_nfsd2_8-2.8.3+git0.d504d374e-4.12.1 libganesha_nfsd2_8-debuginfo-2.8.3+git0.d504d374e-4.12.1 libntirpc-devel-2.8.3+git0.d504d374e-4.12.1 libntirpc1_8-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-ceph-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-debuginfo-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-rados-grace-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-rados-grace-debuginfo-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-rados-urls-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-rgw-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-utils-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-utils-debuginfo-2.8.3+git0.d504d374e-4.12.1 - SUSE Enterprise Storage 5 (x86_64): libntirpc1_8-debuginfo-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-ceph-debuginfo-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-rados-urls-debuginfo-2.8.3+git0.d504d374e-4.12.1 nfs-ganesha-rgw-debuginfo-2.8.3+git0.d504d374e-4.12.1 References: https://bugzilla.suse.com/1069819 https://bugzilla.suse.com/1084909 https://bugzilla.suse.com/1131944 https://bugzilla.suse.com/1134302 https://bugzilla.suse.com/1160379 https://bugzilla.suse.com/1161330 https://bugzilla.suse.com/1161793 https://bugzilla.suse.com/1161800 From sle-updates at lists.suse.com Thu Feb 27 07:17:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:17:50 +0100 (CET) Subject: SUSE-SU-2020:0505-1: moderate: Security update 
for mariadb Message-ID: <20200227141750.81E97F798@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0505-1 Rating: moderate References: #1077717 #1160878 #1160883 #1160895 #1160912 #1162388 Cross-References: CVE-2019-18901 CVE-2020-2574 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for mariadb fixes the following issues: MariaDB was updated to version 10.2.31 GA (bsc#1162388). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). - CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). - Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878). - Fixed a permissions issue in /var/lib/mysql (bsc#1077717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-505=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-505=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-505=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-505=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mariadb-debuginfo-10.2.31-3.25.1 mariadb-debugsource-10.2.31-3.25.1 mariadb-galera-10.2.31-3.25.1 - SUSE OpenStack Cloud 9 (x86_64): mariadb-debuginfo-10.2.31-3.25.1 mariadb-debugsource-10.2.31-3.25.1 mariadb-galera-10.2.31-3.25.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mariadb-10.2.31-3.25.1 mariadb-client-10.2.31-3.25.1 mariadb-client-debuginfo-10.2.31-3.25.1 mariadb-debuginfo-10.2.31-3.25.1 mariadb-debugsource-10.2.31-3.25.1 mariadb-tools-10.2.31-3.25.1 mariadb-tools-debuginfo-10.2.31-3.25.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): mariadb-errormessages-10.2.31-3.25.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mariadb-10.2.31-3.25.1 mariadb-client-10.2.31-3.25.1 mariadb-client-debuginfo-10.2.31-3.25.1 mariadb-debuginfo-10.2.31-3.25.1 mariadb-debugsource-10.2.31-3.25.1 mariadb-tools-10.2.31-3.25.1 mariadb-tools-debuginfo-10.2.31-3.25.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): mariadb-errormessages-10.2.31-3.25.1 References: https://www.suse.com/security/cve/CVE-2019-18901.html https://www.suse.com/security/cve/CVE-2020-2574.html https://bugzilla.suse.com/1077717 https://bugzilla.suse.com/1160878 https://bugzilla.suse.com/1160883 https://bugzilla.suse.com/1160895 https://bugzilla.suse.com/1160912 https://bugzilla.suse.com/1162388 From sle-updates at lists.suse.com Thu Feb 27 07:30:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:30:46 +0100 (CET) Subject: SUSE-CU-2020:65-1: 
Recommended update of suse/sle15 Message-ID: <20200227143046.8FFABF798@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:65-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.153 Container Release : 4.22.153 Severity : moderate Type : recommended References : 1102840 1160039 1160595 1160735 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:475-1 Released: Tue Feb 25 13:27:04 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:476-1 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1102840,1160039 Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digits only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. 
(bsc#1160735) From sle-updates at lists.suse.com Thu Feb 27 07:34:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:34:18 +0100 (CET) Subject: SUSE-CU-2020:63-1: Recommended update of suse/sle15 Message-ID: <20200227143418.71EC0F798@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:63-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.167 Container Release : 6.2.167 Severity : moderate Type : recommended References : 1102840 1155337 1160039 1160595 1160735 1161215 1161216 1161218 1161219 1161220 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:451-1 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:475-1 Released: Tue Feb 25 13:27:04 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:476-1 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1102840,1160039 Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digits only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) From sle-updates at lists.suse.com Thu Feb 27 07:39:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 15:39:28 +0100 (CET) Subject: SUSE-CU-2020:64-1: Security update of suse/sles12sp3 Message-ID: <20200227143928.08D9CF796@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:64-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.112 , suse/sles12sp3:latest Container Release : 24.112 Severity : moderate Type : security References : 1117951 1158809 1160163 CVE-2019-1551 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:474-1 Released: Tue Feb 25 13:24:15 2020 Summary: Security update for openssl Type: security Severity: moderate References: 1117951,1158809,1160163,CVE-2019-1551 Description: This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). From sle-updates at lists.suse.com Thu Feb 27 10:11:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:11:40 +0100 (CET) Subject: SUSE-SU-2020:0520-1: moderate: Security update for texlive-filesystem Message-ID: <20200227171140.A1AEEF798@maintenance.suse.de> SUSE Security Update: Security update for texlive-filesystem ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0520-1 Rating: moderate References: #1150556 #1155381 #1158910 #1159740 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910) - Made cron script more failsafe (bsc#1150556) Non-security issue fixed: - Refreshed font map files on update (bsc#1155381) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-520=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-520=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): texlive-collection-basic-2013.74.svn30372-16.5.1 texlive-collection-fontsrecommended-2013.74.svn30307-16.5.1 texlive-collection-htmlxml-2013.74.svn30307-16.5.1 texlive-collection-latex-2013.74.svn30308-16.5.1 texlive-collection-latexrecommended-2013.74.svn30811-16.5.1 texlive-collection-luatex-2013.74.svn30790-16.5.1 texlive-collection-xetex-2013.74.svn30396-16.5.1 texlive-devel-2013.74-16.5.1 texlive-extratools-2013.74-16.5.1 texlive-filesystem-2013.74-16.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): texlive-collection-basic-2013.74.svn30372-16.5.1 texlive-collection-fontsrecommended-2013.74.svn30307-16.5.1 texlive-collection-htmlxml-2013.74.svn30307-16.5.1 texlive-collection-latex-2013.74.svn30308-16.5.1 texlive-collection-latexrecommended-2013.74.svn30811-16.5.1 texlive-collection-luatex-2013.74.svn30790-16.5.1 texlive-collection-xetex-2013.74.svn30396-16.5.1 texlive-devel-2013.74-16.5.1 texlive-extratools-2013.74-16.5.1 texlive-filesystem-2013.74-16.5.1 References: https://bugzilla.suse.com/1150556 https://bugzilla.suse.com/1155381 https://bugzilla.suse.com/1158910 https://bugzilla.suse.com/1159740 From sle-updates at lists.suse.com Thu Feb 27 10:13:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:13:21 +0100 (CET) Subject: SUSE-SU-2020:14295-1: moderate: Security update for openssl Message-ID: <20200227171321.9972DF798@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14295-1 Rating: moderate References: 
#1117951 #1160163 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl fixes the following issues: - Add missing commits for fixing the security issue called "The 9 Lives of Bleichenbacher's CAT". (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14295=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14295=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14295=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14295=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.31.1 libopenssl0_9_8-hmac-0.9.8j-0.106.31.1 openssl-0.9.8j-0.106.31.1 openssl-doc-0.9.8j-0.106.31.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.31.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.31.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.31.1 libopenssl0_9_8-0.9.8j-0.106.31.1 libopenssl0_9_8-hmac-0.9.8j-0.106.31.1 openssl-0.9.8j-0.106.31.1 openssl-doc-0.9.8j-0.106.31.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.31.1 openssl-debugsource-0.9.8j-0.106.31.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.31.1 openssl-debugsource-0.9.8j-0.106.31.1 
References: https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1160163 From sle-updates at lists.suse.com Thu Feb 27 10:14:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:14:12 +0100 (CET) Subject: SUSE-SU-2020:0519-1: moderate: Security update for texlive-filesystem Message-ID: <20200227171412.C20EAF798@maintenance.suse.de> SUSE Security Update: Security update for texlive-filesystem ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0519-1 Rating: moderate References: #1150556 #1155381 #1158910 #1159740 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910) - Made cron script more failsafe (bsc#1150556) Non-security issue fixed: - Refreshed font map files on update (bsc#1155381) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-519=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): texlive-collection-basic-2017.135.svn41616-9.5.1 texlive-collection-bibtexextra-2017.135.svn44385-9.5.1 texlive-collection-binextra-2017.135.svn44515-9.5.1 texlive-collection-context-2017.135.svn42330-9.5.1 texlive-collection-fontsextra-2017.135.svn43356-9.5.1 texlive-collection-fontsrecommended-2017.135.svn35830-9.5.1 texlive-collection-fontutils-2017.135.svn37105-9.5.1 texlive-collection-formatsextra-2017.135.svn44177-9.5.1 texlive-collection-games-2017.135.svn42992-9.5.1 texlive-collection-humanities-2017.135.svn42268-9.5.1 texlive-collection-langarabic-2017.135.svn44496-9.5.1 texlive-collection-langchinese-2017.135.svn42675-9.5.1 texlive-collection-langcjk-2017.135.svn43009-9.5.1 texlive-collection-langcyrillic-2017.135.svn44401-9.5.1 texlive-collection-langczechslovak-2017.135.svn32550-9.5.1 texlive-collection-langenglish-2017.135.svn43650-9.5.1 texlive-collection-langeuropean-2017.135.svn44414-9.5.1 texlive-collection-langfrench-2017.135.svn40375-9.5.1 texlive-collection-langgerman-2017.135.svn42045-9.5.1 texlive-collection-langgreek-2017.135.svn44192-9.5.1 texlive-collection-langitalian-2017.135.svn30372-9.5.1 texlive-collection-langjapanese-2017.135.svn44554-9.5.1 texlive-collection-langkorean-2017.135.svn42106-9.5.1 texlive-collection-langother-2017.135.svn44414-9.5.1 texlive-collection-langpolish-2017.135.svn44371-9.5.1 texlive-collection-langportuguese-2017.135.svn30962-9.5.1 texlive-collection-langspanish-2017.135.svn40587-9.5.1 texlive-collection-latex-2017.135.svn41614-9.5.1 texlive-collection-latexextra-2017.135.svn44544-9.5.1 texlive-collection-latexrecommended-2017.135.svn44177-9.5.1 texlive-collection-luatex-2017.135.svn44500-9.5.1 
texlive-collection-mathscience-2017.135.svn44396-9.5.1 texlive-collection-metapost-2017.135.svn44297-9.5.1 texlive-collection-music-2017.135.svn40561-9.5.1 texlive-collection-pictures-2017.135.svn44395-9.5.1 texlive-collection-plaingeneric-2017.135.svn44177-9.5.1 texlive-collection-pstricks-2017.135.svn44460-9.5.1 texlive-collection-publishers-2017.135.svn44485-9.5.1 texlive-collection-xetex-2017.135.svn43059-9.5.1 texlive-devel-2017.135-9.5.1 texlive-extratools-2017.135-9.5.1 texlive-filesystem-2017.135-9.5.1 texlive-scheme-basic-2017.135.svn25923-9.5.1 texlive-scheme-context-2017.135.svn35799-9.5.1 texlive-scheme-full-2017.135.svn44177-9.5.1 texlive-scheme-gust-2017.135.svn44177-9.5.1 texlive-scheme-infraonly-2017.135.svn41515-9.5.1 texlive-scheme-medium-2017.135.svn44177-9.5.1 texlive-scheme-minimal-2017.135.svn13822-9.5.1 texlive-scheme-small-2017.135.svn41825-9.5.1 texlive-scheme-tetex-2017.135.svn44187-9.5.1 References: https://bugzilla.suse.com/1150556 https://bugzilla.suse.com/1155381 https://bugzilla.suse.com/1158910 https://bugzilla.suse.com/1159740 From sle-updates at lists.suse.com Thu Feb 27 10:15:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:15:14 +0100 (CET) Subject: SUSE-RU-2020:0514-1: moderate: Recommended update for gstreamer-plugin-gstflump3dec Message-ID: <20200227171514.B681CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer-plugin-gstflump3dec ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0514-1 Rating: moderate References: #843982 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gstreamer-plugin-gstflump3dec fixes the following issues: - Manually provide the right MP3 codec string looked for by Totem or by Rhythmbox as the automatic discovery does not show enough anymore. (bsc#843982) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-514=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-514=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gstreamer-0_10-plugin-gstflump3dec-0.10.21-1.3.1 gstreamer-0_10-plugin-gstflump3dec-debuginfo-0.10.21-1.3.1 gstreamer-plugin-gstflump3dec-0.10.21-1.3.1 gstreamer-plugin-gstflump3dec-debuginfo-0.10.21-1.3.1 gstreamer-plugin-gstflump3dec-debugsource-0.10.21-1.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gstreamer-0_10-plugin-gstflump3dec-0.10.21-1.3.1 gstreamer-0_10-plugin-gstflump3dec-debuginfo-0.10.21-1.3.1 gstreamer-plugin-gstflump3dec-0.10.21-1.3.1 gstreamer-plugin-gstflump3dec-debuginfo-0.10.21-1.3.1 gstreamer-plugin-gstflump3dec-debugsource-0.10.21-1.3.1 References: https://bugzilla.suse.com/843982 From sle-updates at lists.suse.com Thu Feb 27 10:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:15:55 +0100 (CET) Subject: SUSE-SU-2020:0516-1: moderate: Security update for openssl Message-ID: <20200227171555.3E576F798@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0516-1 Rating: moderate References: #1117951 #1160163 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS 
______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl fixes the following issues: - Add missing commits fixing the security issue called "The 9 Lives of Bleichenbacher's CAT". (bsc#1117951) - Fix a memory leak problem in function 'BN_copy()'. (bsc#1160163) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-516=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-516=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.32.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-54.32.1 libopenssl1_0_0-32bit-1.0.1i-54.32.1 libopenssl1_0_0-debuginfo-1.0.1i-54.32.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.32.1 libopenssl1_0_0-hmac-1.0.1i-54.32.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.32.1 openssl-1.0.1i-54.32.1 openssl-debuginfo-1.0.1i-54.32.1 openssl-debugsource-1.0.1i-54.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-54.32.1 libopenssl1_0_0-debuginfo-1.0.1i-54.32.1 libopenssl1_0_0-hmac-1.0.1i-54.32.1 openssl-1.0.1i-54.32.1 openssl-debuginfo-1.0.1i-54.32.1 openssl-debugsource-1.0.1i-54.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.32.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.32.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.32.1 References: https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1160163 From sle-updates at lists.suse.com Thu Feb 27 10:16:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Thu, 27 Feb 2020 18:16:44 +0100 (CET) Subject: SUSE-SU-2020:0510-1: moderate: Security update for python Message-ID: <20200227171644.281F0F798@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0510-1 Rating: moderate References: #1162224 #1162367 #1162825 Cross-References: CVE-2019-9674 CVE-2020-8492 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-510=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-510=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-510=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-510=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.35.1 python-base-debugsource-2.7.17-7.35.1 python-curses-2.7.17-7.35.1 python-curses-debuginfo-2.7.17-7.35.1 python-debuginfo-2.7.17-7.35.1 python-debugsource-2.7.17-7.35.1 python-devel-2.7.17-7.35.1 python-gdbm-2.7.17-7.35.1 python-gdbm-debuginfo-2.7.17-7.35.1 python-xml-2.7.17-7.35.1 python-xml-debuginfo-2.7.17-7.35.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.35.1 python-debugsource-2.7.17-7.35.1 python-demo-2.7.17-7.35.1 python-idle-2.7.17-7.35.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython2_7-1_0-32bit-2.7.17-7.35.1 libpython2_7-1_0-32bit-debuginfo-2.7.17-7.35.1 python-32bit-2.7.17-7.35.1 python-32bit-debuginfo-2.7.17-7.35.1 python-base-32bit-2.7.17-7.35.1 python-base-32bit-debuginfo-2.7.17-7.35.1 python-base-debugsource-2.7.17-7.35.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-doc-2.7.17-7.35.1 python-doc-pdf-2.7.17-7.35.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.35.1 python-debugsource-2.7.17-7.35.1 python-tk-2.7.17-7.35.1 python-tk-debuginfo-2.7.17-7.35.1 - SUSE Linux Enterprise Module 
for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.35.1 libpython2_7-1_0-debuginfo-2.7.17-7.35.1 python-2.7.17-7.35.1 python-base-2.7.17-7.35.1 python-base-debuginfo-2.7.17-7.35.1 python-base-debugsource-2.7.17-7.35.1 python-debuginfo-2.7.17-7.35.1 python-debugsource-2.7.17-7.35.1 References: https://www.suse.com/security/cve/CVE-2019-9674.html https://www.suse.com/security/cve/CVE-2020-8492.html https://bugzilla.suse.com/1162224 https://bugzilla.suse.com/1162367 https://bugzilla.suse.com/1162825 From sle-updates at lists.suse.com Thu Feb 27 10:18:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:18:09 +0100 (CET) Subject: SUSE-RU-2020:0518-1: Recommended update for rpmlint-mini Message-ID: <20200227171809.176E8F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint-mini ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0518-1 Rating: low References: #1110797 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpmlint-mini includes the updated permissions for amanda (bsc#1110797) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-518=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-518=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.8-2.15.1 rpmlint-mini-debuginfo-1.8-2.15.1 rpmlint-mini-debugsource-1.8-2.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.8-2.15.1 rpmlint-mini-debuginfo-1.8-2.15.1 rpmlint-mini-debugsource-1.8-2.15.1 References: https://bugzilla.suse.com/1110797 From sle-updates at lists.suse.com Thu Feb 27 10:19:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:19:32 +0100 (CET) Subject: SUSE-RU-2020:0513-1: moderate: Recommended update for python-kiwi Message-ID: <20200227171932.230A4F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0513-1 Rating: moderate References: #1108508 #1110869 #1110871 #1112357 #1119416 #1123185 #1123186 #1124885 #1126283 #1126318 #1127173 #1128146 #1129566 #1132455 #1136444 #1139915 #1141168 #1142899 #1143033 #1150190 #1155815 #1156694 #1156908 #1157103 #1157104 #1157354 #1159235 #1159538 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 28 recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Fixed root setup when building in OBS - Fix the sha256 generated file content in a 'kiwi result bundle' call with the correct extension. (bsc#1139915, bsc#1127173) - Avoid default installation of dracut kiwi modules. 
(bsc#1142899, bsc#1136444) - Add support for custom fstab extension. (bsc#1129566) - Add decrypt dependency to kiwi-lib dracut module. (bsc#1142899) - The 99-kiwi-lib requires rmdir, install it. (bsc#1143033) - Fix committing ensures KIWI is not creating a new machine-id empty file in case it was not provided during the system installation. (bsc#1141168) - Extend spare partition setup. (bsc#1129566) - Preserve licenses/other txt files by baseStripFirmware as needed files. (bsc#1132455) - Update compression flag for qcow2 format. (bsc#1128146) - Fixed import of signing keys by compat symlink. (bsc#1112357) - Followup fix for disk detection from root device. (bsc#1126283, bsc#1126318) - Fixed disk detection from root device (bsc#1126283, bsc#1126318) - Fix location of grub unicode font. (bsc#1124885) - Using a static dbpath to store an optionally given signing key. (bsc#1112357) - Fixed Xen guest detection for the x86_64. (bsc#1123186, bsc#1123185) - Fixed location of grub unicode font file. (bsc#1119416) - Add Codec utils for bytes literals decoding. (bsc#1110871) - Adding bugfix trace for bsc#1110869 bsc#1108508 - Update libyui-ncurses-pkg10 to libyui-ncurses-pkg11. (bsc#1159538) - Fix grub2 configuration for shim fallback setup if shim fallback setup is enabled the grub.cfg is copied to the EFI partition. (bsc#1159235, bsc#1157354, bsc#1155815) - No swap volume is added on btrfs as the volume manager is not LVM, so swap has its own volume. (bsc#1156908) - Fixed setup of default grub config preventing grub2-mkconfig to place the root device information twice. (bsc#1156908) - Include 'grub.cfg' inside the efi partition the vfat. (bsc#1157354) - Fix for kiwi relative path in repository element. (bsc#1157104) - Fixed 'zipl' bootloader setup for 's390' images. (bsc#1156694) - Fixed rpmdb compat link setup removing the hardcoded path '/var/lib/rpm' and use the rpm macro definition instead. 
(bsc#1150190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-513=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-513=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): kiwi-pxeboot-9.19.8-3.7.10 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.19.8-3.7.10 dracut-kiwi-live-9.19.8-3.7.10 dracut-kiwi-oem-dump-9.19.8-3.7.10 dracut-kiwi-oem-repart-9.19.8-3.7.10 dracut-kiwi-overlay-9.19.8-3.7.10 kiwi-man-pages-9.19.8-3.7.10 kiwi-tools-9.19.8-3.7.10 kiwi-tools-debuginfo-9.19.8-3.7.10 python-kiwi-debugsource-9.19.8-3.7.10 python3-kiwi-9.19.8-3.7.10 References: https://bugzilla.suse.com/1108508 https://bugzilla.suse.com/1110869 https://bugzilla.suse.com/1110871 https://bugzilla.suse.com/1112357 https://bugzilla.suse.com/1119416 https://bugzilla.suse.com/1123185 https://bugzilla.suse.com/1123186 https://bugzilla.suse.com/1124885 https://bugzilla.suse.com/1126283 https://bugzilla.suse.com/1126318 https://bugzilla.suse.com/1127173 https://bugzilla.suse.com/1128146 https://bugzilla.suse.com/1129566 https://bugzilla.suse.com/1132455 https://bugzilla.suse.com/1136444 https://bugzilla.suse.com/1139915 https://bugzilla.suse.com/1141168 https://bugzilla.suse.com/1142899 https://bugzilla.suse.com/1143033 https://bugzilla.suse.com/1150190 https://bugzilla.suse.com/1155815 https://bugzilla.suse.com/1156694 https://bugzilla.suse.com/1156908 https://bugzilla.suse.com/1157103 https://bugzilla.suse.com/1157104 https://bugzilla.suse.com/1157354 https://bugzilla.suse.com/1159235 https://bugzilla.suse.com/1159538 From sle-updates at lists.suse.com Thu Feb 27 10:26:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Thu, 27 Feb 2020 18:26:09 +0100 (CET) Subject: SUSE-RU-2020:0517-1: moderate: Recommended update for cifs-utils Message-ID: <20200227172609.A6FD9F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0517-1 Rating: moderate References: #1130528 #1132087 #1136031 #1149164 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-517=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-517=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-5.3.1 cifs-utils-debugsource-6.9-5.3.1 pam_cifscreds-6.9-5.3.1 pam_cifscreds-debuginfo-6.9-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.3.1 cifs-utils-debuginfo-6.9-5.3.1 cifs-utils-debugsource-6.9-5.3.1 cifs-utils-devel-6.9-5.3.1 References: https://bugzilla.suse.com/1130528 https://bugzilla.suse.com/1132087 https://bugzilla.suse.com/1136031 https://bugzilla.suse.com/1149164 From sle-updates at lists.suse.com Thu Feb 27 10:27:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 18:27:47 +0100 (CET) Subject: SUSE-SU-2020:0511-1: important: Security update for the Linux Kernel Message-ID: <20200227172747.541DFF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0511-1 Rating: important References: #1046303 #1050244 #1050549 #1051510 #1051858 #1061840 #1065600 #1065729 #1071995 #1083647 #1085030 #1086301 #1086313 #1086314 #1088810 #1090888 #1103989 #1103990 #1103991 #1104353 #1104427 #1104745 #1105392 #1109837 #1111666 #1112178 #1112374 #1112504 #1113956 #1114279 #1114685 #1115026 #1118338 #1118661 #1123328 #1126206 #1127371 #1127611 #1127682 #1129551 #1133021 #1133147 #1134973 #1140025 #1142685 #1143959 #1144162 #1144333 #1151548 #1151910 #1151927 #1152107 #1152631 #1153535 #1153917 #1154243 #1154601 #1154768 #1154916 #1155331 #1155334 #1155689 
#1156259 #1156286 #1156462 #1157155 #1157157 #1157169 #1157303 #1157424 #1157480 #1157692 #1157853 #1157895 #1157908 #1157966 #1158013 #1158021 #1158026 #1158071 #1158094 #1158132 #1158381 #1158533 #1158819 #1158823 #1158824 #1158827 #1158834 #1158893 #1158900 #1158903 #1158904 #1158954 #1159024 #1159028 #1159271 #1159297 #1159377 #1159394 #1159483 #1159484 #1159500 #1159569 #1159588 #1159841 #1159908 #1159909 #1159910 #1159911 #1159955 #1160147 #1160195 #1160210 #1160211 #1160218 #1160433 #1160442 #1160469 #1160470 #1160476 #1160560 #1160618 #1160678 #1160755 #1160756 #1160784 #1160787 #1160802 #1160803 #1160804 #1160917 #1160966 #1160979 #1161087 #1161243 #1161360 #1161472 #1161514 #1161518 #1161522 #1161523 #1161549 #1161552 #1161674 #1161702 #1161907 #1161931 #1161933 #1161934 #1161935 #1161936 #1161937 #1162028 #1162067 #1162109 #1162139 #1162557 #1162617 #1162618 #1162619 #1162623 #1162928 #1162943 #1163206 #1163383 #1163384 #1163762 #1163774 #1163836 #1163840 #1163841 #1163842 #1163843 #1163844 #1163845 #1163846 #1163849 #1163850 #1163851 #1163852 #1163853 #1163855 #1163856 #1163857 #1163858 #1163859 #1163860 #1163861 #1163862 #1163863 #1163867 #1163869 #1163880 #1164051 #1164069 #1164098 #1164115 #1164314 #1164315 #1164388 #1164471 #1164598 #1164632 Cross-References: CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-16746 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19526 CVE-2019-19527 CVE-2019-19532 CVE-2019-19533 CVE-2019-19535 CVE-2019-19537 CVE-2019-19767 CVE-2019-19927 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 34 vulnerabilities and 
has 170 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. It did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). 
- CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occurred when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). 
- CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19537: There was a race condition bug that could be caused by a malicious USB character device, aka CID-303911cfc5b9. (bsc#1158904). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19927: A slab-out-of-bounds read access could have been caused when mounting a crafted f2fs filesystem image and performing some operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). 
- CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - a typo in %kernel_base_conflicts macro name - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). 
- af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bsc#1111666). - ALSA: hda - constify and cleanup static NodeID tables (bsc#1111666). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - Clean up Intel platform-specific fixup checks (bsc#1111666). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bsc#1111666). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Add Headset Mic supported for HP cPC (bsc#1111666). - ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666). - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen (bsc#1111666). - ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too (bsc#1111666). 
- ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bsc#1111666). - ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported (bsc#1111666). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda/realtek - More constifications (bsc#1111666). - ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Add JasperLake PCI ID and codec vid (bsc#1111666). - ALSA: hda: Clear RIRB status before reading WP (bsc#1111666). - ALSA: hda: constify copied structure (bsc#1111666). - ALSA: hda: Constify snd_kcontrol_new items (bsc#1111666). - ALSA: hda: Constify snd_pci_quirk tables (bsc#1111666). - ALSA: hda: correct kernel-doc parameter descriptions (bsc#1111666). - ALSA: hda: hdmi - add Tigerlake support (bsc#1111666). - ALSA: hda: hdmi - fix pin setup on Tigerlake (bsc#1111666). - ALSA: hda: More constifications (bsc#1111666). - ALSA: hda: patch_hdmi: remove warnings with empty body (bsc#1111666). - ALSA: hda: patch_realtek: fix empty macro usage in if block (bsc#1111666). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). 
- ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: sh: Fix unused variable warnings (bsc#1111666). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 (bsc#1111666). - ALSA: usb-audio: Fix endianess in descriptor validation (bsc#1111666). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI (bsc#1111666). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: Correct the DMA direction for management tx buffers (bsc#1111666). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath10k: pci: Fix comment on ath10k_pci_dump_memory_sram (bsc#1111666). - ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe (bsc#1111666). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). 
- batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). 
- bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1159377). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1159377). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bnxt: apply computed clamp value for coalece parameter (bsc#1104745). - bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ). - bnxt_en: Return error if FW returns more data than dump length (bsc#1104745). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf, offload: Unlock on error in bpf_offload_dev_create() (bsc#1109837). - bpf/sockmap: Read psock ingress_msg before sk_receive_queue (bsc#1083647). - bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() (bsc#1083647). - bpf: add self-check logic to liveness analysis (bsc#1160618). - bpf: add verifier stats and log_level bit 2 (bsc#1160618). - bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647). - bpf: improve stacksafe state comparison (bco#1160618). - bpf: improve verification speed by droping states (bsc#1160618). - bpf: improve verification speed by not remarking live_read (bsc#1160618). - bpf: improve verifier branch analysis (bsc#1160618). - bpf: increase complexity limit and maximum program size (bsc#1160618). 
- bpf: increase verifier log limit (bsc#1160618). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - bpf: Reject indirect var_off stack access in raw mode (bsc#1160618). - bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618). - bpf: Sanity check max value for var_off stack access (bco#1160618). - bpf: skmsg, fix potential psock NULL pointer dereference (bsc#1109837). - bpf: speed up stacksafe check (bco#1160618). - bpf: Support variable offset stack access from helpers (bco#1160618). - bpf: verifier: teach the verifier to reason about the BPF_JSET instruction (bco#1160618). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev() (bsc#1111666). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362 (bsc#1111666). - brcmfmac: set F2 watermark to 256 for 4373 (bsc#1111666). - brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 (bsc#1111666). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). 
- btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804).
- btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433).
- btrfs: fix missing data checksums after replaying a log tree (bsc#1161931).
- btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802).
- btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384).
- btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803).
- btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692).
- btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937).
- btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973).
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692).
- btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931).
- btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692).
- btrfs: record all roots for rename exchange on a subvol (bsc#1161933).
- btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588).
- btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067).
- btrfs: send, skip backreference walking for extents with many references (bsc#1162139).
- btrfs: simplify inode locking for RWF_NOWAIT (git-fixes).
- btrfs: skip log replay on orphaned roots (bsc#1161935).
- btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692).
- btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692).
- btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692).
- btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692).
- btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692).
- btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692).
- btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692).
- btrfs: tree-checker: Verify dev item (dependency for bsc#1157692).
- btrfs: tree-checker: Verify inode item (dependency for bsc#1157692).
- btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910).
- can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510).
- can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510).
- can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510).
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510).
- can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510).
- can: peak_usb: report bus recovery as well (bsc#1051510).
- can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510).
- can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510).
- can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510).
- can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510).
- can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510).
- CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10).
- cdrom: respect device capabilities during opening action (boo#1164632).
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510).
- cfg80211: check for set_wiphy_params (bsc#1051510).
- cfg80211: fix deadlocks in autodisconnect work (bsc#1111666).
- cfg80211: fix memory leak in cfg80211_cqm_rssi_update (bsc#1111666).
- cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510).
- cgroup: pids: use atomic64_t for pids->limit (bsc#1161514).
- chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849).
- cifs: add support for flock (bsc#1144333).
- cifs: Close cached root handle only if it had a lease (bsc#1144333).
- cifs: Close open handle after interrupted close (bsc#1144333).
- cifs: close the shared root handle on tree disconnect (bsc#1144333).
- cifs: Do not miss cancelled OPEN responses (bsc#1144333).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: Fix mount options set in automount (bsc#1144333).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1144333).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333).
- cifs: Properly process SMB3 lease breaks (bsc#1144333).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333).
- clk: Do not try to enable critical clocks if prepare failed (bsc#1051510).
- clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes).
- clk: mmp2: Fix the order of timer mux parents (bsc#1051510).
- clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510).
- clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510).
- clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510).
- clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510).
- clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510).
- clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510).
- clk: tegra: Mark fuse clock as critical (bsc#1051510).
- clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510).
- clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510).
- closures: fix a race on wakeup from closure_sync (bsc#1163762).
- configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510).
- copy/pasted "Recommends:" instead of "Provides:", "Obsoletes:" and "Conflicts:
- Cover up kABI breakage due to DH key verification (bsc#1155331).
- crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510).
- crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510).
- crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510).
- crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510).
- crypto: caam/qi2 - fix typo in algorithm's driver name (bsc#1111666).
- crypto: ccp - fix uninitialized list head (bsc#1051510).
- crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510).
- crypto: dh - add public key verification test (bsc#1155331).
- crypto: dh - fix calculating encoded key size (bsc#1155331).
- crypto: dh - fix memory leak (bsc#1155331).
- crypto: dh - update test for public key verification (bsc#1155331).
- crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334).
- crypto: ecdh - add public key verification test (bsc#1155331).
- crypto: ecdh - fix typo of P-192 b value (bsc#1155331).
- crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510).
- crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510).
- crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510).
- crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix).
- cxgb4: request the TX CIDX updates to status page (bsc#1127371).
- dma-buf: Fix memory leak in sync_file_merge() (git-fixes).
- dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510).
- dmaengine: coh901318: Fix a double-lock bug (bsc#1051510).
- dmaengine: coh901318: Remove unused variable (bsc#1051510).
- dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510).
- Documentation: Document arm64 kpti control (bsc#1162623).
- drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993).
- drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510).
- drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510).
- drivers/regulator: fix a missing check of return value (bsc#1051510).
- drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero (bsc#1111666).
- drm/amd/powerplay: remove set but not used variable 'us_mvdd' (bsc#1111666).
- drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc (bsc#1111666).
- drm/amdgpu: add function parameter description in 'amdgpu_device_set_cg_state' (bsc#1111666).
- drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510).
- drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279)
- drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) (bsc#1111666).
- drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510).
- drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'invalid' (bsc#1111666).
- drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510).
- drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510).
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510).
- drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510).
- drm/i810: Prevent underflow in ioctl (bsc#1114279)
- drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178)
- drm/i915/gvt: set guest display buffer as readonly (bsc#1112178)
- drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178)
- drm/i915/perf: add missing delay for OA muxes configuration (bsc#1111666).
- drm/i915: Add missing include file (bsc#1051510).
- drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() (bsc#1111666).
- drm/i915: Fix pid leak with banned clients (bsc#1114279)
- drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set (bsc#1111666).
- drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV (bsc#1111666).
- drm/i915: Sanity check mmap length against object size (bsc#1111666).
- drm/msm: include linux/sched/task.h (bsc#1112178)
- drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510).
- drm/nouveau/bar/gf100: ensure BAR is mapped (bsc#1111666).
- drm/nouveau/bar/nv50: check bar1 vmm return value (bsc#1111666).
- drm/nouveau/mmu: qualify vmm during dtor (bsc#1111666).
- drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510).
- drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510).
- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
- drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028)
- drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279)
- drm/rect: Avoid division by zero (bsc#1111666).
- drm/rect: update kerneldoc for drm_rect_clip_scaled() (bsc#1111666).
- drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510).
- drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279)
- drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956)
- drm/sun4i: tcon: Set min division of TCON0_DCLK to 1 (bsc#1111666).
- drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model (bsc#1111666).
- drm/ttm: ttm_tt_init_fields() can be static (bsc#1111666).
- drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510).
- drm: bridge: dw-hdmi: constify copied structure (bsc#1051510).
- drm: limit to INT_MAX in create_blob ioctl (bsc#1051510).
- drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510).
- drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1111666).
- drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279)
- e1000e: Add support for Comet Lake (bsc#1158533).
- e1000e: Add support for Tiger Lake (bsc#1158533).
- e1000e: Increase pause and refresh time (bsc#1158533).
- e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510).
- Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632).
- enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147).
- exit: panic before exit_mm() on global init exit (bsc#1161549).
- ext2: check err when partial != NULL (bsc#1163859).
- ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853).
- ext4: check for directory entries too close to block end (bsc#1163861).
- ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841).
- ext4: fix checksum errors with indexed dirs (bsc#1160979).
- ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842).
- ext4: Fix mount failure with quota configured as module (bsc#1164471).
- ext4: fix mount failure with quota configured as module (bsc#1164471).
- ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843).
- extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510).
- firestream: fix memory leaks (bsc#1051510).
- fix autofs regression caused by follow_managed() changes (bsc#1159271).
- fix dget_parent() fastpath race (bsc#1159271).
- Fix partial checked out tree build ... so that bisection does not break.
- Fix the locking in dcache_readdir() and friends (bsc#1123328).
- fjes: fix missed check in fjes_acpi_add (bsc#1051510).
- fs/namei.c: fix missing barriers when checking positivity (bsc#1159271).
- fs/namei.c: pull positivity check into follow_managed() (bsc#1159271).
- fs/open.c: allow opening only regular files during execve() (bsc#1163845).
- fs: cifs: Fix atime update check vs mtime (bsc#1144333).
- fscrypt: do not set policy for a dead directory (bsc#1163846).
- ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes).
- ftrace: Avoid potential division by zero in function profiler (bsc#1160784).
- ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes).
- genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392).
- genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510).
- genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510).
- gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510).
- gtp: avoid zero size hashtable (networking-stable-20_01_01).
- gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01).
- gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01).
- gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01).
- HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510).
- HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510).
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510).
- HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510).
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510).
- hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510).
- hotplug/drc-info: Add code to search ibm,drc-info property (bsc#1157480 ltc#181028).
- hv_netvsc: Fix offset usage in netvsc_send_table() (bsc#1164598).
- hv_netvsc: Fix send_table offset in case of a host bug (bsc#1164598).
- hv_netvsc: Fix tx_table init in rndis_set_subchannel() (bsc#1164598).
- hv_netvsc: Fix unwanted rx_table reset (bsc#1164598).
- hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510).
- hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510).
- hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs (bsc#1163206).
- hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510).
- hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510).
- hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510).
- i2c: imx: do not print error message on probe defer (bsc#1051510).
- IB/hfi1: Do not cancel unused work item (bsc#1114685).
- IB/mlx5: Fix steering rule of drop and count (bsc#1103991).
- IB/mlx5: Remove dead code (bsc#1103991).
- ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983).
- ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
- ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
- ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
- ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047).
- ice: fix stack leakage (bsc#1118661).
- idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510).
- iio: adc: max9611: Fix too short conversion time delay (bsc#1051510).
- iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510).
- inet: protect against too small mtu values (networking-stable-19_12_16).
- Input: aiptek - fix endpoint sanity check (bsc#1051510).
- Input: cyttsp4_core - fix use after free bug (bsc#1051510).
- Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510).
- Input: gtco - fix endpoint sanity check (bsc#1051510).
- Input: keyspan-remote - fix control-message timeouts (bsc#1051510).
- Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510).
- Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510).
- Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510).
- Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510).
- Input: sur40 - fix interface sanity checks (bsc#1051510).
- Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510).
- Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510).
- Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510).
- iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617).
- iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314).
- iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115).
- iommu/iova: Init the struct iova to fix the possible memleak (bsc#1160469).
- iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470).
- iommu/vt-d: Unlink device if failed to add to group (bsc#1160756).
- iommu: Remove device link to group on failure (bsc#1160755).
- ipmi: Do not allow device module unload when in use (bsc#1154768).
- ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10).
- iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes).
- iwlwifi: change monitor DMA to be coherent (bsc#1161243).
- iwlwifi: clear persistence bit according to device family (bsc#1111666).
- iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510).
- iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510).
- iwlwifi: mvm: force TCM re-evaluation on TCM resume (bsc#1111666).
- iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510).
- iwlwifi: mvm: synchronize TID queue removal (bsc#1051510).
- iwlwifi: pcie: fix erroneous print (bsc#1111666).
- iwlwifi: trans: Clear persistence bit when starting the FW (bsc#1111666).
- jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862).
- jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836).
- jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860).
- jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863).
- jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880).
- jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852).
- kABI fix for "ipmi: Do not allow device module unload when in use" (bsc#1154768).
- kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678).
- kABI workaround for can/skb.h inclusion (bsc#1051510).
- kABI/severities: Whitelist rpaphp_get_drc_props (bsc#1157480 ltc#181028).
- kABI: add _q suffix to exports that take struct dh (bsc#1155331).
- kABI: protect struct sctp_ep_common (kabi).
- kABI: Protest new fields in BPF structs (bsc#1160618).
- kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510).
- kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360).
- kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787).
- kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510).
- kexec: bail out upon SIGKILL when allocating memory (git-fixes).
- KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021).
- KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840).
- KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840).
- KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840).
- KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes).
- KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes).
- KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618).
- KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476).
- KVM: x86: Remove a spurious export of a static function (bsc#1158954).
- lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549).
- leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674).
- leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674).
- lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510).
- lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510).
- lib: crc64: include for 'crc64_be' (bsc#1163762).
- libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (bsc#1153535).
- libnvdimm/pfn: Account for PAGE_SIZE > info-block-size in nd_pfn_init() (bsc#1127682 bsc#1153535 ltc#175033 ltc#181834).
- libnvdimm: Fix devm_nsio_enable() kabi (bsc#1153535).
- livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995).
- livepatch/selftest: Clean up shadow variable names and type (bsc#1071995).
- locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549).
- mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510).
- mac80211: fix ieee80211_txq_setup_flows() failure path (bsc#1111666).
- mac80211: fix station inactive_time shortly after boot (bsc#1051510).
- mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510).
- mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510).
- macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510).
- macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510).
- mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510).
- md/raid0: Fix buffer overflow at debug print (bsc#1164051).
- media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510).
- media: af9005: uninitialized variable printked (bsc#1051510).
- media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510).
- media: cec: CEC 2.0-only bcast messages were ignored (git-fixes).
- media: cec: report Vendor ID after initialization (bsc#1051510).
- media: digitv: do not continue if remote control state can't be read (bsc#1051510).
- media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510).
- media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes).
- media: gspca: zero usb_buf (bsc#1051510).
- media: iguanair: fix endpoint sanity check (bsc#1051510).
- media: ov6650: Fix control handler not freed on init error (git-fixes).
- media: ov6650: Fix crop rectangle alignment not passed back (git-fixes).
- media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes).
- media: pulse8-cec: fix lost cec_transmit_attempt_done() call.
- media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510).
- media: stkwebcam: Bugfix for wrong return values (bsc#1051510).
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510).
- media: uvcvideo: Fix error path in control parsing failure (git-fixes).
- media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510).
- media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510).
- media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510).
- mei: bus: prefix device names on bus with the bus name (bsc#1051510).
- mfd: da9062: Fix watchdog compatible string (bsc#1051510).
- mfd: dln2: More sanity checking for endpoints (bsc#1051510).
- mfd: rn5t618: Mark ADC control register volatile (bsc#1051510).
- missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ("rpm/kernel-subpackage-spec: Unify dependency handling.") Fixes: 3fd22e219f77 ("rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)")
- mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374).
- mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel (bsc#1112374).
- mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026).
- mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394).
- mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993).
- mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510).
- mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510).
- mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204 support" (bsc#1051510).
- mmc: sdhci: Add a quirk for broken command queuing (git-fixes).
- mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510).
- mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes).
- mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510).
- mmc: tegra: fix SDR50 tuning override (bsc#1051510).
- moduleparam: fix parameter description mismatch (bsc#1051510).
- mod_devicetable: fix PHY module format (networking-stable-19_12_28).
- mqprio: Fix out-of-bounds access in mqprio_dump (bsc#1109837).
- mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510).
- mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510).
- mwifiex: delete unused mwifiex_get_intf_num() (bsc#1111666).
- mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes).
- mwifiex: fix potential NULL dereference and use after free (bsc#1051510).
- mwifiex: update set_mac_address logic (bsc#1111666).
- namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851).
- net, sysctl: Fix compiler warning when only cBPF is present (bsc#1109837).
- net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047).
- net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25).
- net/mlx4_en: Fix wrong limitation for number of TX rings (bsc#1103989).
- net/mlx5: Accumulate levels for chains prio namespaces (bsc#1103990).
- net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303).
- net/mlx5: Update the list of the PCI supported devices (bsc#1127611).
- net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25).
- net/mlx5e: Fix SFF 8472 eeprom length (git-fixes).
- net/mlx5e: Query global pause state before setting prio2buffer (bsc#1103990).
- net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858).
- net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25).
- net: add sendmsg_locked and sendpage_locked to af_inet6 (bsc#1144162).
- net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16).
- net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes).
- net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28).
- net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01).
- net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10).
- net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16).
- net: fix data-race in neigh_event_send() (networking-stable-19_11_10).
- net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28).
- net: hns3: fix ETS bandwidth validation bug (bsc#1104353).
- net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28).
- net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510).
- net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: Check against net_device being NULL (bsc#1051510).
- net: phy: dp83867: Set up RGMII TX delay (bsc#1051510).
- net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510).
- net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510).
- net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510).
- net: phy: marvell: clear wol event before setting it (bsc#1051510).
- net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: meson-gxl: check phy_write return value (bsc#1051510).
- net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510).
- net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510).
- net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510).
- net: phy: xgene: disable clk on error paths (bsc#1051510).
- net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510).
- net: phy: xgmiitorgmii: Check read_status results (bsc#1051510).
- net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510).
- net: psample: fix skb_over_panic (networking-stable-19_12_03).
- net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28).
- net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25).
- net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (bsc#1109837).
- net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues (bsc#1109837).
- net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03).
- net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28).
- net: usb: lan78xx: limit size of local TSO packets (bsc#1051510).
- net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10).
- net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18).
- netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes).
- new helper: lookup_positive_unlocked() (bsc#1159271).
- NFC: fdp: fix incorrect free object (networking-stable-19_11_10).
- NFC: pn533: fix bulk-message timeout (bsc#1051510).
- NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes).
- NFC: st21nfca: fix double free (networking-stable-19_11_10).
- nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774).
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03).
- openvswitch: remove another BUG_ON() (networking-stable-19_12_03).
- openvswitch: support asymmetric conntrack (networking-stable-19_12_16).
- orinoco_usb: fix interface sanity check (git-fixes).
- PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510).
- PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510).
- PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510).
- PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510).
- PCI: pciehp: Avoid returning prematurely from sysfs requests (git-fixes).
- PCI: rpaphp: Add drc-info support for hotplug slot registration (bsc#1157480 ltc#181028).
- PCI: rpaphp: Annotate and correctly byte swap DRC properties (bsc#1157480 ltc#181028).
- PCI: rpaphp: Avoid a sometimes-uninitialized warning (bsc#1157480 ltc#181028).
- PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info (bsc#1157480 ltc#181028).
- PCI: rpaphp: Do not rely on firmware feature to imply drc-info support (bsc#1157480 ltc#181028).
- PCI: rpaphp: Fix up pointer to first drc-info entry (bsc#1157480 ltc#181028).
- percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279).
- perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315).
- phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510).
- pinctrl: cherryview: Fix irq_valid_mask calculation (bsc#1111666).
- pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510).
- pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510).
- pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510).
- pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510).
- platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510).
- platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510).
- platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510).
- platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510).
- platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510).
- PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510).
- PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510).
- power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510).
- powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729).
- powerpc/irq: fix stack overflow verification (bsc#1065729).
- powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729).
- powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840).
- powerpc/papr_scm: Do not enable direct map for a region by default (bsc#1129551).
- powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths (bsc#1142685 ltc#179509).
- powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729).
- powerpc/powernv: Disable native PCIe port management (bsc#1065729).
- powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729).
- powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740).
- powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798).
- powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729).
- powerpc/pseries: Add cpu DLPAR support for drc-info property (bsc#1157480 ltc#181028).
- powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729).
- powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729).
- powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes).
- powerpc/pseries: Enable support for ibm,drc-info property (bsc#1157480 ltc#181028).
- powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry (bsc#1157480 ltc#181028).
- powerpc/pseries: Fix drc-info mappings of logical cpus to drc-index (bsc#1157480 ltc#181028).
- powerpc/pseries: Fix vector5 in ibm architecture vector table (bsc#1157480 ltc#181028).
- powerpc/pseries: Revert support for ibm,drc-info devtree property (bsc#1157480 ltc#181028).
- powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729).
- powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734).
- powerpc/tools: Do not quote $objdump in scripts (bsc#1065729).
- powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030).
- powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030).
- powerpc/xmon: do not access ASDR in VMs (bsc#1065729).
- powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17).
- powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086).
- powerpc: Enable support for ibm,drc-info devtree property (bsc#1157480 ltc#181028).
- powerpc: Fix vDSO clock_getres() (bsc#1065729).
- powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086).
- ppp: Adjust indentation into ppp_async_input (git-fixes).
- prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286).
- pseries/drc-info: Search DRC properties for CPU indexes (bsc#1157480 ltc#181028).
- pstore/ram: Write new dumps to start of recycled zones (bsc#1051510).
- pwm: Clear chip_data in pwm_put() (bsc#1051510).
- pwm: clps711x: Fix period calculation (bsc#1051510).
- pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes).
- pwm: Remove set but not set variable 'pwm' (git-fixes).
- pxa168fb: Fix the function used to release some memory in an error (bsc#1114279)
- qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301).
- qede: Fix multicast mac configuration (networking-stable-19_12_28).
- qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10).
- qmi_wwan: Add support for Quectel RM500Q (bsc#1051510).
- quota: Check that quota is not dirty before release (bsc#1163858).
- quota: fix livelock in dquot_writeback_dquots (bsc#1163857).
- r8152: add missing endpoint sanity check (bsc#1051510).
- r8152: get default setting of WOL before initializing (bsc#1051510).
- random: move FIPS continuous test to output functions (bsc#1155334).
- RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244).
- RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series (bsc#1154916).
- RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (bsc#1157895).
- RDMA/bnxt_re: Fix missing le16_to_cpu (bsc#1157895).
- RDMA/hns: Bugfix for qpc/cqc timer configuration (bsc#1104427 bsc#1126206).
- RDMA/hns: Correct the value of srq_desc_size (bsc#1104427).
- RDMA/hns: Fix to support 64K page for srq (bsc#1104427).
- RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427).
- README.BRANCH: Update the branch name to cve/linux-4.12
- regulator: Fix return value of _set_load() stub (bsc#1051510).
- regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510).
- regulator: rn5t618: fix module aliases (bsc#1051510).
- regulator: tps65910: fix a missing check of return value (bsc#1051510).
- reiserfs: Fix memory leak of journal device string (bsc#1163867).
- reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869).
- reset: fix reset_control_ops kerneldoc comment (bsc#1051510).
- resource: fix locking in find_next_iomem_res() (bsc#1114279).
- Revert "locking/pvqspinlock: Do not wait if vCPU is preempted" (bsc#1050549).
- rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field)
- rpm/kernel-binary.spec.in: Conflict with too old powerpc-utils (jsc#ECO-920, jsc#SLE-11054, jsc#SLE-11322).
- rpm/kernel-binary.spec.in: Replace Novell with SUSE
- rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages
- rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)
- rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling:
- rpm/kernel-subpackage-spec: Unify dependency handling.
- rpm/modules.fips: update module list (bsc#1157853)
- rsi_91x_usb: fix interface sanity check (git-fixes).
- rtc: cmos: Stop using shared IRQ (bsc#1051510).
- rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510).
- rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510).
- rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510).
- rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510).
- rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510).
- rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510).
- rtl818x: fix potential use after free (bsc#1051510).
- rtl8xxxu: fix interface sanity check (git-fixes).
- rtlwifi: Fix MAX MPDU of VHT capability (git-fixes).
- rtlwifi: Remove redundant semicolon in wifi.h (git-fixes).
- rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (bsc#1111666).
- s390/qeth: clean up page frag creation (git-fixes).
- s390/qeth: consolidate skb allocation (git-fixes).
- s390/qeth: ensure linear access to packet headers (git-fixes).
- s390/qeth: guard against runt packets (git-fixes).
- sched/fair: Add tmp_alone_branch assertion (bnc#1156462).
- sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462).
- sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462).
- sched/fair: Optimize update_blocked_averages() (bnc#1156462).
- sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132).
- scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601).
- scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013).
- scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013).
- scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013).
- scsi: qla2xxx: Consolidate fabric scan (bsc#1158013).
- scsi: qla2xxx: Correct fcport flags handling (bsc#1158013).
- scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424).
- scsi: qla2xxx: Fix fabric scan hang (bsc#1158013).
- scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
- scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013).
- scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013).
- scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013).
- scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013).
- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013).
- scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424).
- scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013).
- scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013).
- scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013).
- scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013).
- scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013).
- scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013).
- scsi: zfcp: trace channel log even for FCP command responses (git-fixes).
- sctp: cache netns in sctp_ep_common (networking-stable-19_12_03).
- sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28).
- serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510).
- serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510).
- serial: max310x: Fix tx_empty() callback (bsc#1051510).
- serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510).
- serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510).
- serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510).
- sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25).
- sfc: Remove 'PCIE error reporting unavailable' (bsc#1161472).
- sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510).
- sh_eth: fix dumping ARSTR (bsc#1051510).
- sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510).
- sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510).
- sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510).
- sh_eth: fix TXALCR1 offsets (bsc#1051510).
- sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510).
- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333).
- smb3: Fix persistent handles reconnect (bsc#1144333).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333).
- smb3: remove confusing dmesg when mounting with encryption ("seal") (bsc#1144333).
- soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510).
- soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510).
- soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510).
- spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510).
- spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510).
- spi: tegra114: clear packed bit for unpacked mode (bsc#1051510).
- spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510).
- spi: tegra114: fix for unpacked mode transfers (bsc#1051510).
- spi: tegra114: flush fifos (bsc#1051510).
- spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510).
- sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632).
- staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510).
- Staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510).
- staging: rtl8188eu: fix interface sanity check (bsc#1051510).
- staging: rtl8192e: fix potential use after free (bsc#1051510).
- staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510).
- staging: rtl8723bs: Drop ACPI device ids (bsc#1051510).
- staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510).
- staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510).
- staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510).
- staging: wlan-ng: ensure error return is actually returned (bsc#1051510).
- stm class: Fix a double free of stm_source_device (bsc#1051510).
- stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702).
- stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702).
- stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702).
- stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702).
- tcp: clear tp->packets_out when purging write queue (bsc#1160560).
- tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01).
- tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159).
- tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16).
- thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510).
- tipc: fix a missing check of genlmsg_put (bsc#1051510).
- tipc: fix link name length check (bsc#1051510).
- tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510).
- tipc: fix skb may be leaky in tipc_link_input (bsc#1051510).
- tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes).
- tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes).
- tracing: Fix tracing_stat return values in error handling paths (git-fixes).
- tracing: Fix very unlikely race of registering two stat tracers (git-fixes).
- tracing: Have the histogram compare functions convert to u64 first (bsc#1160210).
- tracing: xen: Ordered comparison of function pointers (git-fixes).
- tty/serial: atmel: Add is_half_duplex helper (bsc#1051510).
- tty: n_hdlc: fix build on SPARC (bsc#1051510).
- tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510).
- tty: vt: keyboard: reject invalid keycodes (bsc#1051510).
- uaccess: Add non-pagefault user-space write function (bsc#1083647).
- ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850).
- ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856).
- ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855).
- ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844).
- udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01).
- usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510).
- usb: adutux: fix interface sanity check (bsc#1051510).
- usb: Allow USB device to be warm reset in suspended state (bsc#1051510).
- usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510).
- usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510).
- usb: core: fix check for duplicate endpoints (git-fixes).
- usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510).
- usb: core: urb: fix URB structure initialization function (bsc#1051510).
- usb: documentation: flags on usb-storage versus UAS (bsc#1051510).
- usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510).
- usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510).
- usb: dwc3: ep0: Clear started flag on completion (bsc#1051510).
- usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510).
- usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes).
- usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510).
- usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510).
- usb: gadget: legacy: set max_speed to super-speed (bsc#1051510).
- usb: gadget: pch_udc: fix use after free (bsc#1051510).
- usb: gadget: u_serial: add missing port entry locking (bsc#1051510).
- usb: gadget: Zero ffs_io_data (bsc#1051510).
- usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510).
- usb: idmouse: fix interface sanity checks (bsc#1051510).
- usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510).
- usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510).
- usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510).
- usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510).
- usb: roles: fix a potential use after free (git-fixes).
- usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510).
- usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510).
- usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510).
- usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510).
- usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510).
- usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510).
- usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510).
- usb: serial: ir-usb: fix IrLAP framing (bsc#1051510).
- usb: serial: ir-usb: fix link-speed handling (bsc#1051510).
- usb: serial: keyspan: handle unbound ports (bsc#1051510).
- usb: serial: opticon: fix control-message timeouts (bsc#1051510).
- usb: serial: option: Add support for Quectel RM500Q (bsc#1051510).
- usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes).
- usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes).
- usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes).
- usb: serial: quatech2: handle unbound ports (bsc#1051510).
- usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510).
- usb: serial: suppress driver bind attributes (bsc#1051510).
- usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510).
- usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510).
- usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510).
- usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510).
- usb: xhci: only set D3hot for pci device (bsc#1051510).
- usbip: Fix error path of vhci_recv_ret_submit() (git-fixes).
- usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510).
- vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510).
- vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01).
- video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5.
- video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5.
- watchdog: max77620_wdt: fix potential build errors (bsc#1051510).
- watchdog: rn5t618_wdt: fix module aliases (bsc#1051510).
- watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510).
- watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557).
- wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510).
- wireless: wext: avoid gcc -O3 warning (bsc#1051510).
- workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211).
- x86/amd_nb: Add PCI device IDs for family 17h, model 70h (bsc#1163206).
- x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619).
- x86/intel_rdt: Split resource group removal in two (bsc#1112178).
- x86/intel_rdt: Split resource group removal in two (bsc#1112178).
- x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279).
- x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279).
- x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279).
- x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279).
- x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279).
- x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279).
- x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
- x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178).
- x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279).
- x86/resctrl: Fix potential memory leak (bsc#1114279).
- x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178).
- x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178).
- x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279).
- x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279).
- x86/speculation: Fix redundant MDS mitigation message (bsc#1114279).
- xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917).
- xen/balloon: Support xend-based toolstack take two (bsc#1065600).
- xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600).
- xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600).
- xen: Enable interrupts when calling _cond_resched() (bsc#1065600).
- xfrm: Fix transport mode skb control buffer usage (bsc#1161552).
- xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917).
- xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510).
- xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510).
- xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510).
- xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510).
- xhci: make sure interrupts are restored to correct state (bsc#1051510).
- zd1211rw: fix storage endpoint lookup (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP1:

   zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-511=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

   kernel-devel-azure-4.12.14-8.27.1
   kernel-source-azure-4.12.14-8.27.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):

   kernel-azure-4.12.14-8.27.1
   kernel-azure-base-4.12.14-8.27.1
   kernel-azure-base-debuginfo-4.12.14-8.27.1
   kernel-azure-debuginfo-4.12.14-8.27.1
   kernel-azure-devel-4.12.14-8.27.1
   kernel-syms-azure-4.12.14-8.27.1

References:

https://www.suse.com/security/cve/CVE-2019-14615.html https://www.suse.com/security/cve/CVE-2019-14896.html https://www.suse.com/security/cve/CVE-2019-14897.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-16994.html https://www.suse.com/security/cve/CVE-2019-18808.html https://www.suse.com/security/cve/CVE-2019-19036.html https://www.suse.com/security/cve/CVE-2019-19045.html https://www.suse.com/security/cve/CVE-2019-19051.html https://www.suse.com/security/cve/CVE-2019-19054.html https://www.suse.com/security/cve/CVE-2019-19066.html https://www.suse.com/security/cve/CVE-2019-19318.html https://www.suse.com/security/cve/CVE-2019-19319.html https://www.suse.com/security/cve/CVE-2019-19332.html https://www.suse.com/security/cve/CVE-2019-19338.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-19523.html https://www.suse.com/security/cve/CVE-2019-19526.html https://www.suse.com/security/cve/CVE-2019-19527.html https://www.suse.com/security/cve/CVE-2019-19532.html https://www.suse.com/security/cve/CVE-2019-19533.html https://www.suse.com/security/cve/CVE-2019-19535.html https://www.suse.com/security/cve/CVE-2019-19537.html https://www.suse.com/security/cve/CVE-2019-19767.html https://www.suse.com/security/cve/CVE-2019-19927.html
https://www.suse.com/security/cve/CVE-2019-19965.html https://www.suse.com/security/cve/CVE-2019-19966.html https://www.suse.com/security/cve/CVE-2019-20054.html https://www.suse.com/security/cve/CVE-2019-20095.html https://www.suse.com/security/cve/CVE-2019-20096.html https://www.suse.com/security/cve/CVE-2020-7053.html https://www.suse.com/security/cve/CVE-2020-8428.html https://www.suse.com/security/cve/CVE-2020-8648.html https://www.suse.com/security/cve/CVE-2020-8992.html https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1051858 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1088810 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1103989 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1105392 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1112504 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1115026 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1123328 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127611 https://bugzilla.suse.com/1127682 https://bugzilla.suse.com/1129551 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1133147 https://bugzilla.suse.com/1134973 https://bugzilla.suse.com/1140025 
https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1143959 https://bugzilla.suse.com/1144162 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1151548 https://bugzilla.suse.com/1151910 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152631 https://bugzilla.suse.com/1153535 https://bugzilla.suse.com/1153917 https://bugzilla.suse.com/1154243 https://bugzilla.suse.com/1154601 https://bugzilla.suse.com/1154768 https://bugzilla.suse.com/1154916 https://bugzilla.suse.com/1155331 https://bugzilla.suse.com/1155334 https://bugzilla.suse.com/1155689 https://bugzilla.suse.com/1156259 https://bugzilla.suse.com/1156286 https://bugzilla.suse.com/1156462 https://bugzilla.suse.com/1157155 https://bugzilla.suse.com/1157157 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1157303 https://bugzilla.suse.com/1157424 https://bugzilla.suse.com/1157480 https://bugzilla.suse.com/1157692 https://bugzilla.suse.com/1157853 https://bugzilla.suse.com/1157895 https://bugzilla.suse.com/1157908 https://bugzilla.suse.com/1157966 https://bugzilla.suse.com/1158013 https://bugzilla.suse.com/1158021 https://bugzilla.suse.com/1158026 https://bugzilla.suse.com/1158071 https://bugzilla.suse.com/1158094 https://bugzilla.suse.com/1158132 https://bugzilla.suse.com/1158381 https://bugzilla.suse.com/1158533 https://bugzilla.suse.com/1158819 https://bugzilla.suse.com/1158823 https://bugzilla.suse.com/1158824 https://bugzilla.suse.com/1158827 https://bugzilla.suse.com/1158834 https://bugzilla.suse.com/1158893 https://bugzilla.suse.com/1158900 https://bugzilla.suse.com/1158903 https://bugzilla.suse.com/1158904 https://bugzilla.suse.com/1158954 https://bugzilla.suse.com/1159024 https://bugzilla.suse.com/1159028 https://bugzilla.suse.com/1159271 https://bugzilla.suse.com/1159297 https://bugzilla.suse.com/1159377 https://bugzilla.suse.com/1159394 https://bugzilla.suse.com/1159483 https://bugzilla.suse.com/1159484 
https://bugzilla.suse.com/1159500 https://bugzilla.suse.com/1159569 https://bugzilla.suse.com/1159588 https://bugzilla.suse.com/1159841 https://bugzilla.suse.com/1159908 https://bugzilla.suse.com/1159909 https://bugzilla.suse.com/1159910 https://bugzilla.suse.com/1159911 https://bugzilla.suse.com/1159955 https://bugzilla.suse.com/1160147 https://bugzilla.suse.com/1160195 https://bugzilla.suse.com/1160210 https://bugzilla.suse.com/1160211 https://bugzilla.suse.com/1160218 https://bugzilla.suse.com/1160433 https://bugzilla.suse.com/1160442 https://bugzilla.suse.com/1160469 https://bugzilla.suse.com/1160470 https://bugzilla.suse.com/1160476 https://bugzilla.suse.com/1160560 https://bugzilla.suse.com/1160618 https://bugzilla.suse.com/1160678 https://bugzilla.suse.com/1160755 https://bugzilla.suse.com/1160756 https://bugzilla.suse.com/1160784 https://bugzilla.suse.com/1160787 https://bugzilla.suse.com/1160802 https://bugzilla.suse.com/1160803 https://bugzilla.suse.com/1160804 https://bugzilla.suse.com/1160917 https://bugzilla.suse.com/1160966 https://bugzilla.suse.com/1160979 https://bugzilla.suse.com/1161087 https://bugzilla.suse.com/1161243 https://bugzilla.suse.com/1161360 https://bugzilla.suse.com/1161472 https://bugzilla.suse.com/1161514 https://bugzilla.suse.com/1161518 https://bugzilla.suse.com/1161522 https://bugzilla.suse.com/1161523 https://bugzilla.suse.com/1161549 https://bugzilla.suse.com/1161552 https://bugzilla.suse.com/1161674 https://bugzilla.suse.com/1161702 https://bugzilla.suse.com/1161907 https://bugzilla.suse.com/1161931 https://bugzilla.suse.com/1161933 https://bugzilla.suse.com/1161934 https://bugzilla.suse.com/1161935 https://bugzilla.suse.com/1161936 https://bugzilla.suse.com/1161937 https://bugzilla.suse.com/1162028 https://bugzilla.suse.com/1162067 https://bugzilla.suse.com/1162109 https://bugzilla.suse.com/1162139 https://bugzilla.suse.com/1162557 https://bugzilla.suse.com/1162617 https://bugzilla.suse.com/1162618 
https://bugzilla.suse.com/1162619 https://bugzilla.suse.com/1162623 https://bugzilla.suse.com/1162928 https://bugzilla.suse.com/1162943 https://bugzilla.suse.com/1163206 https://bugzilla.suse.com/1163383 https://bugzilla.suse.com/1163384 https://bugzilla.suse.com/1163762 https://bugzilla.suse.com/1163774 https://bugzilla.suse.com/1163836 https://bugzilla.suse.com/1163840 https://bugzilla.suse.com/1163841 https://bugzilla.suse.com/1163842 https://bugzilla.suse.com/1163843 https://bugzilla.suse.com/1163844 https://bugzilla.suse.com/1163845 https://bugzilla.suse.com/1163846 https://bugzilla.suse.com/1163849 https://bugzilla.suse.com/1163850 https://bugzilla.suse.com/1163851 https://bugzilla.suse.com/1163852 https://bugzilla.suse.com/1163853 https://bugzilla.suse.com/1163855 https://bugzilla.suse.com/1163856 https://bugzilla.suse.com/1163857 https://bugzilla.suse.com/1163858 https://bugzilla.suse.com/1163859 https://bugzilla.suse.com/1163860 https://bugzilla.suse.com/1163861 https://bugzilla.suse.com/1163862 https://bugzilla.suse.com/1163863 https://bugzilla.suse.com/1163867 https://bugzilla.suse.com/1163869 https://bugzilla.suse.com/1163880 https://bugzilla.suse.com/1164051 https://bugzilla.suse.com/1164069 https://bugzilla.suse.com/1164098 https://bugzilla.suse.com/1164115 https://bugzilla.suse.com/1164314 https://bugzilla.suse.com/1164315 https://bugzilla.suse.com/1164388 https://bugzilla.suse.com/1164471 https://bugzilla.suse.com/1164598 https://bugzilla.suse.com/1164632

From sle-updates at lists.suse.com Thu Feb 27 10:56:42 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Feb 2020 18:56:42 +0100 (CET)
Subject: SUSE-SU-2020:0512-1: moderate: Security update for rsyslog
Message-ID: <20200227175642.81ADBF798@maintenance.suse.de>

SUSE Security Update: Security update for rsyslog
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0512-1
Rating: moderate
References: #1015203
#1022804 #1084682 #1087920 #1153451 #1153459 Cross-References: CVE-2019-17041 CVE-2019-17042 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Non-security issues fixed: - Handle multiline messages correctly when using the imfile module. (bsc#1015203) - Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shut down properly. (bsc#1022804) - Fixed a rsyslogd SIGABORT crash if a path does not exist (bsc#1087920). - Fixed an issue where configuration templates were not consistently flushed (bsc#1084682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-512=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-512=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-512=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-512=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): rsyslog-8.4.0-18.13.1 rsyslog-debuginfo-8.4.0-18.13.1 rsyslog-debugsource-8.4.0-18.13.1 rsyslog-diag-tools-8.4.0-18.13.1 rsyslog-diag-tools-debuginfo-8.4.0-18.13.1 rsyslog-doc-8.4.0-18.13.1 rsyslog-module-gssapi-8.4.0-18.13.1 rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1 rsyslog-module-gtls-8.4.0-18.13.1 rsyslog-module-gtls-debuginfo-8.4.0-18.13.1 rsyslog-module-mysql-8.4.0-18.13.1 rsyslog-module-mysql-debuginfo-8.4.0-18.13.1 rsyslog-module-pgsql-8.4.0-18.13.1 rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1 rsyslog-module-relp-8.4.0-18.13.1 rsyslog-module-relp-debuginfo-8.4.0-18.13.1 rsyslog-module-snmp-8.4.0-18.13.1 rsyslog-module-snmp-debuginfo-8.4.0-18.13.1 rsyslog-module-udpspoof-8.4.0-18.13.1 rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): rsyslog-8.4.0-18.13.1 rsyslog-debuginfo-8.4.0-18.13.1 rsyslog-debugsource-8.4.0-18.13.1 rsyslog-diag-tools-8.4.0-18.13.1 rsyslog-diag-tools-debuginfo-8.4.0-18.13.1 rsyslog-doc-8.4.0-18.13.1 rsyslog-module-gssapi-8.4.0-18.13.1 rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1 rsyslog-module-gtls-8.4.0-18.13.1 rsyslog-module-gtls-debuginfo-8.4.0-18.13.1 rsyslog-module-mysql-8.4.0-18.13.1 rsyslog-module-mysql-debuginfo-8.4.0-18.13.1 rsyslog-module-pgsql-8.4.0-18.13.1 rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1 rsyslog-module-relp-8.4.0-18.13.1 rsyslog-module-relp-debuginfo-8.4.0-18.13.1 rsyslog-module-snmp-8.4.0-18.13.1 rsyslog-module-snmp-debuginfo-8.4.0-18.13.1 
rsyslog-module-udpspoof-8.4.0-18.13.1 rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): rsyslog-8.4.0-18.13.1 rsyslog-debuginfo-8.4.0-18.13.1 rsyslog-debugsource-8.4.0-18.13.1 rsyslog-diag-tools-8.4.0-18.13.1 rsyslog-diag-tools-debuginfo-8.4.0-18.13.1 rsyslog-doc-8.4.0-18.13.1 rsyslog-module-gssapi-8.4.0-18.13.1 rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1 rsyslog-module-gtls-8.4.0-18.13.1 rsyslog-module-gtls-debuginfo-8.4.0-18.13.1 rsyslog-module-mysql-8.4.0-18.13.1 rsyslog-module-mysql-debuginfo-8.4.0-18.13.1 rsyslog-module-pgsql-8.4.0-18.13.1 rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1 rsyslog-module-relp-8.4.0-18.13.1 rsyslog-module-relp-debuginfo-8.4.0-18.13.1 rsyslog-module-snmp-8.4.0-18.13.1 rsyslog-module-snmp-debuginfo-8.4.0-18.13.1 rsyslog-module-udpspoof-8.4.0-18.13.1 rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): rsyslog-8.4.0-18.13.1 rsyslog-debuginfo-8.4.0-18.13.1 rsyslog-debugsource-8.4.0-18.13.1 rsyslog-diag-tools-8.4.0-18.13.1 rsyslog-diag-tools-debuginfo-8.4.0-18.13.1 rsyslog-doc-8.4.0-18.13.1 rsyslog-module-gssapi-8.4.0-18.13.1 rsyslog-module-gssapi-debuginfo-8.4.0-18.13.1 rsyslog-module-gtls-8.4.0-18.13.1 rsyslog-module-gtls-debuginfo-8.4.0-18.13.1 rsyslog-module-mysql-8.4.0-18.13.1 rsyslog-module-mysql-debuginfo-8.4.0-18.13.1 rsyslog-module-pgsql-8.4.0-18.13.1 rsyslog-module-pgsql-debuginfo-8.4.0-18.13.1 rsyslog-module-relp-8.4.0-18.13.1 rsyslog-module-relp-debuginfo-8.4.0-18.13.1 rsyslog-module-snmp-8.4.0-18.13.1 rsyslog-module-snmp-debuginfo-8.4.0-18.13.1 rsyslog-module-udpspoof-8.4.0-18.13.1 rsyslog-module-udpspoof-debuginfo-8.4.0-18.13.1 References: https://www.suse.com/security/cve/CVE-2019-17041.html https://www.suse.com/security/cve/CVE-2019-17042.html https://bugzilla.suse.com/1015203 https://bugzilla.suse.com/1022804 https://bugzilla.suse.com/1084682 https://bugzilla.suse.com/1087920 https://bugzilla.suse.com/1153451 
https://bugzilla.suse.com/1153459 From sle-updates at lists.suse.com Thu Feb 27 13:13:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Feb 2020 21:13:18 +0100 (CET) Subject: SUSE-RU-2020:0521-1: moderate: Recommended update for c-ares Message-ID: <20200227201318.DE9E4F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for c-ares ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0521-1 Rating: moderate References: #1125306 #1159006 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-521=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-521=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-521=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): c-ares-debugsource-1.15.0+20200117-3.5.1 libcares2-32bit-1.15.0+20200117-3.5.1 libcares2-32bit-debuginfo-1.15.0+20200117-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.15.0+20200117-3.5.1 c-ares-devel-1.15.0+20200117-3.5.1 libcares2-1.15.0+20200117-3.5.1 libcares2-debuginfo-1.15.0+20200117-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.15.0+20200117-3.5.1 c-ares-devel-1.15.0+20200117-3.5.1 libcares2-1.15.0+20200117-3.5.1 libcares2-debuginfo-1.15.0+20200117-3.5.1 References: https://bugzilla.suse.com/1125306 https://bugzilla.suse.com/1159006 From sle-updates at lists.suse.com Fri Feb 28 07:13:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:13:39 +0100 (CET) Subject: SUSE-RU-2020:0529-1: moderate: Recommended update for zziplib Message-ID: <20200228141339.62CADF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0529-1 Rating: moderate References: #1154002 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zziplib fixes the following issues: - Implement an error message with a condition by checking the return value of a function call. (bsc#1154002) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-529=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-529=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-529=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-529=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-529=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libzzip-0-13-0.13.67-10.30.1 libzzip-0-13-debuginfo-0.13.67-10.30.1 zziplib-debugsource-0.13.67-10.30.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libzzip-0-13-0.13.67-10.30.1 libzzip-0-13-debuginfo-0.13.67-10.30.1 zziplib-debugsource-0.13.67-10.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.30.1 libzzip-0-13-debuginfo-0.13.67-10.30.1 zziplib-debugsource-0.13.67-10.30.1 zziplib-devel-0.13.67-10.30.1 zziplib-devel-debuginfo-0.13.67-10.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.30.1 libzzip-0-13-debuginfo-0.13.67-10.30.1 zziplib-debugsource-0.13.67-10.30.1 zziplib-devel-0.13.67-10.30.1 zziplib-devel-debuginfo-0.13.67-10.30.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libzzip-0-13-0.13.67-10.30.1 
libzzip-0-13-debuginfo-0.13.67-10.30.1 zziplib-debugsource-0.13.67-10.30.1 References: https://bugzilla.suse.com/1154002 From sle-updates at lists.suse.com Fri Feb 28 07:16:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:16:28 +0100 (CET) Subject: SUSE-SU-2020:0523-1: moderate: Security update for mariadb-100 Message-ID: <20200228141628.B501CF79E@maintenance.suse.de> SUSE Security Update: Security update for mariadb-100 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0523-1 Rating: moderate References: #1162388 Cross-References: CVE-2020-2574 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mariadb-100 fixes the following issues: MariaDB was updated to version 10.0.40-3 (bsc#1162388). Security issue fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-523=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-523=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-523=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-523=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-523=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-523=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libmysqlclient_r18-10.0.40.3-2.15.1 libmysqlclient_r18-32bit-10.0.40.3-2.15.1 mariadb-100-debuginfo-10.0.40.3-2.15.1 mariadb-100-debugsource-10.0.40.3-2.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libmysqlclient_r18-10.0.40.3-2.15.1 libmysqlclient_r18-32bit-10.0.40.3-2.15.1 mariadb-100-debuginfo-10.0.40.3-2.15.1 mariadb-100-debugsource-10.0.40.3-2.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.40.3-2.15.1 libmysqlclient_r18-10.0.40.3-2.15.1 libmysqld-devel-10.0.40.3-2.15.1 libmysqld18-10.0.40.3-2.15.1 libmysqld18-debuginfo-10.0.40.3-2.15.1 mariadb-100-debuginfo-10.0.40.3-2.15.1 mariadb-100-debugsource-10.0.40.3-2.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.40.3-2.15.1 libmysqlclient_r18-10.0.40.3-2.15.1 libmysqld-devel-10.0.40.3-2.15.1 libmysqld18-10.0.40.3-2.15.1 libmysqld18-debuginfo-10.0.40.3-2.15.1 mariadb-100-debuginfo-10.0.40.3-2.15.1 mariadb-100-debugsource-10.0.40.3-2.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.40.3-2.15.1 libmysqlclient18-debuginfo-10.0.40.3-2.15.1 mariadb-100-debuginfo-10.0.40.3-2.15.1 
mariadb-100-debugsource-10.0.40.3-2.15.1 mariadb-100-errormessages-10.0.40.3-2.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libmysqlclient18-32bit-10.0.40.3-2.15.1 libmysqlclient18-debuginfo-32bit-10.0.40.3-2.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.40.3-2.15.1 libmysqlclient18-debuginfo-10.0.40.3-2.15.1 mariadb-100-debuginfo-10.0.40.3-2.15.1 mariadb-100-debugsource-10.0.40.3-2.15.1 mariadb-100-errormessages-10.0.40.3-2.15.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libmysqlclient18-32bit-10.0.40.3-2.15.1 libmysqlclient18-debuginfo-32bit-10.0.40.3-2.15.1 References: https://www.suse.com/security/cve/CVE-2020-2574.html https://bugzilla.suse.com/1162388 From sle-updates at lists.suse.com Fri Feb 28 07:19:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:19:19 +0100 (CET) Subject: SUSE-SU-2020:0527-1: moderate: Security update for mariadb Message-ID: <20200228141919.80BBFF79E@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0527-1 Rating: moderate References: #1077717 #1160895 #1160912 #1162388 Cross-References: CVE-2019-18901 CVE-2020-2574 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for mariadb fixes the following issues: MariaDB was updated to version 10.0.40-3 (bsc#1162388). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). - CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-527=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-527=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-527=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmysqlclient18-10.0.40.3-29.38.1 libmysqlclient18-debuginfo-10.0.40.3-29.38.1 - SUSE OpenStack Cloud 8 (x86_64): libmysqlclient18-10.0.40.3-29.38.1 libmysqlclient18-debuginfo-10.0.40.3-29.38.1 - HPE Helion Openstack 8 (x86_64): libmysqlclient18-10.0.40.3-29.38.1 libmysqlclient18-debuginfo-10.0.40.3-29.38.1 References: https://www.suse.com/security/cve/CVE-2019-18901.html https://www.suse.com/security/cve/CVE-2020-2574.html https://bugzilla.suse.com/1077717 https://bugzilla.suse.com/1160895 https://bugzilla.suse.com/1160912 https://bugzilla.suse.com/1162388 From sle-updates at lists.suse.com Fri Feb 28 07:22:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:22:33 +0100 (CET) Subject: SUSE-RU-2020:0530-1: moderate: Recommended update for yast2-nfs-client Message-ID: <20200228142233.86AB9F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0530-1 Rating: moderate References: #1006815 #1060159 #1149754 #1151426 #1156446 #1161687 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has 
6 recommended fixes can now be installed. Description: This update for yast2-nfs-client fixes the following issues: - Avoids displaying phantom NFS entries adding an action to refresh the UI. (bsc#1156446) - Delegates mount/unmount actions to yast2-storage-ng. (bsc#1006815) - Keeps mount point status for existing shares. (bsc#1151426) - Neglect unmounted mount entries. (bsc#1060159) - Kill rpcbind process if it was directly executed without using systemd. (bsc#1161687) This update for yast2-storage-ng fixes the following issues: - Improve integration with yast2-nfs-client. (bsc#1006815, bsc#1151426) This update for libstorage-ng fixes the following issues: - Translated using Weblate (Finnish, Estonian). (bsc#1149754) - Allow optional fstab columns and ensure 0 as default value for omitted columns. - Un/mount when mount point is/was active. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-530=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-530=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-530=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-530=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.1.107-4.11.8 libstorage-ng-debugsource-4.1.107-4.11.8 libstorage-ng-integration-tests-4.1.107-4.11.8 libstorage-ng-python3-4.1.107-4.11.8 libstorage-ng-python3-debuginfo-4.1.107-4.11.8 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): 
libstorage-ng-debuginfo-4.1.107-4.11.8 libstorage-ng-debugsource-4.1.107-4.11.8 libstorage-ng-utils-4.1.107-4.11.8 libstorage-ng-utils-debuginfo-4.1.107-4.11.8 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.1.107-4.11.8 libstorage-ng-debugsource-4.1.107-4.11.8 libstorage-ng-devel-4.1.107-4.11.8 libstorage-ng-ruby-4.1.107-4.11.8 libstorage-ng-ruby-debuginfo-4.1.107-4.11.8 libstorage-ng1-4.1.107-4.11.8 libstorage-ng1-debuginfo-4.1.107-4.11.8 yast2-storage-ng-4.1.91-3.19.15 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libstorage-ng-lang-4.1.107-4.11.8 yast2-nfs-client-4.1.8-3.7.7 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-4.1.107-4.11.8 libstorage-ng1-4.1.107-4.11.8 libstorage-ng1-debuginfo-4.1.107-4.11.8 yast2-storage-ng-4.1.91-3.19.15 References: https://bugzilla.suse.com/1006815 https://bugzilla.suse.com/1060159 https://bugzilla.suse.com/1149754 https://bugzilla.suse.com/1151426 https://bugzilla.suse.com/1156446 https://bugzilla.suse.com/1161687 From sle-updates at lists.suse.com Fri Feb 28 07:26:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:26:00 +0100 (CET) Subject: SUSE-SU-2020:0522-1: moderate: Security update for php5 Message-ID: <20200228142600.27FE0F79E@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0522-1 Rating: moderate References: #1145095 #1146360 #1154999 #1159922 #1159923 #1159924 #1159927 #1161982 #1162629 #1162632 Cross-References: CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Module for Web Scripting 12 
______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-522=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-522=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.68.1 php5-debugsource-5.5.14-109.68.1 php5-devel-5.5.14-109.68.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.68.1 apache2-mod_php5-debuginfo-5.5.14-109.68.1 php5-5.5.14-109.68.1 php5-bcmath-5.5.14-109.68.1 php5-bcmath-debuginfo-5.5.14-109.68.1 php5-bz2-5.5.14-109.68.1 php5-bz2-debuginfo-5.5.14-109.68.1 php5-calendar-5.5.14-109.68.1 php5-calendar-debuginfo-5.5.14-109.68.1 php5-ctype-5.5.14-109.68.1 php5-ctype-debuginfo-5.5.14-109.68.1 php5-curl-5.5.14-109.68.1 php5-curl-debuginfo-5.5.14-109.68.1 php5-dba-5.5.14-109.68.1 php5-dba-debuginfo-5.5.14-109.68.1 php5-debuginfo-5.5.14-109.68.1 php5-debugsource-5.5.14-109.68.1 php5-dom-5.5.14-109.68.1 php5-dom-debuginfo-5.5.14-109.68.1 php5-enchant-5.5.14-109.68.1 php5-enchant-debuginfo-5.5.14-109.68.1 php5-exif-5.5.14-109.68.1 php5-exif-debuginfo-5.5.14-109.68.1 php5-fastcgi-5.5.14-109.68.1 php5-fastcgi-debuginfo-5.5.14-109.68.1 php5-fileinfo-5.5.14-109.68.1 php5-fileinfo-debuginfo-5.5.14-109.68.1 php5-fpm-5.5.14-109.68.1 php5-fpm-debuginfo-5.5.14-109.68.1 php5-ftp-5.5.14-109.68.1 php5-ftp-debuginfo-5.5.14-109.68.1 php5-gd-5.5.14-109.68.1 php5-gd-debuginfo-5.5.14-109.68.1 php5-gettext-5.5.14-109.68.1 php5-gettext-debuginfo-5.5.14-109.68.1 php5-gmp-5.5.14-109.68.1 php5-gmp-debuginfo-5.5.14-109.68.1 php5-iconv-5.5.14-109.68.1 php5-iconv-debuginfo-5.5.14-109.68.1 php5-imap-5.5.14-109.68.1 php5-imap-debuginfo-5.5.14-109.68.1 php5-intl-5.5.14-109.68.1 php5-intl-debuginfo-5.5.14-109.68.1 php5-json-5.5.14-109.68.1 php5-json-debuginfo-5.5.14-109.68.1 
php5-ldap-5.5.14-109.68.1 php5-ldap-debuginfo-5.5.14-109.68.1 php5-mbstring-5.5.14-109.68.1 php5-mbstring-debuginfo-5.5.14-109.68.1 php5-mcrypt-5.5.14-109.68.1 php5-mcrypt-debuginfo-5.5.14-109.68.1 php5-mysql-5.5.14-109.68.1 php5-mysql-debuginfo-5.5.14-109.68.1 php5-odbc-5.5.14-109.68.1 php5-odbc-debuginfo-5.5.14-109.68.1 php5-opcache-5.5.14-109.68.1 php5-opcache-debuginfo-5.5.14-109.68.1 php5-openssl-5.5.14-109.68.1 php5-openssl-debuginfo-5.5.14-109.68.1 php5-pcntl-5.5.14-109.68.1 php5-pcntl-debuginfo-5.5.14-109.68.1 php5-pdo-5.5.14-109.68.1 php5-pdo-debuginfo-5.5.14-109.68.1 php5-pgsql-5.5.14-109.68.1 php5-pgsql-debuginfo-5.5.14-109.68.1 php5-phar-5.5.14-109.68.1 php5-phar-debuginfo-5.5.14-109.68.1 php5-posix-5.5.14-109.68.1 php5-posix-debuginfo-5.5.14-109.68.1 php5-pspell-5.5.14-109.68.1 php5-pspell-debuginfo-5.5.14-109.68.1 php5-shmop-5.5.14-109.68.1 php5-shmop-debuginfo-5.5.14-109.68.1 php5-snmp-5.5.14-109.68.1 php5-snmp-debuginfo-5.5.14-109.68.1 php5-soap-5.5.14-109.68.1 php5-soap-debuginfo-5.5.14-109.68.1 php5-sockets-5.5.14-109.68.1 php5-sockets-debuginfo-5.5.14-109.68.1 php5-sqlite-5.5.14-109.68.1 php5-sqlite-debuginfo-5.5.14-109.68.1 php5-suhosin-5.5.14-109.68.1 php5-suhosin-debuginfo-5.5.14-109.68.1 php5-sysvmsg-5.5.14-109.68.1 php5-sysvmsg-debuginfo-5.5.14-109.68.1 php5-sysvsem-5.5.14-109.68.1 php5-sysvsem-debuginfo-5.5.14-109.68.1 php5-sysvshm-5.5.14-109.68.1 php5-sysvshm-debuginfo-5.5.14-109.68.1 php5-tokenizer-5.5.14-109.68.1 php5-tokenizer-debuginfo-5.5.14-109.68.1 php5-wddx-5.5.14-109.68.1 php5-wddx-debuginfo-5.5.14-109.68.1 php5-xmlreader-5.5.14-109.68.1 php5-xmlreader-debuginfo-5.5.14-109.68.1 php5-xmlrpc-5.5.14-109.68.1 php5-xmlrpc-debuginfo-5.5.14-109.68.1 php5-xmlwriter-5.5.14-109.68.1 php5-xmlwriter-debuginfo-5.5.14-109.68.1 php5-xsl-5.5.14-109.68.1 php5-xsl-debuginfo-5.5.14-109.68.1 php5-zip-5.5.14-109.68.1 php5-zip-debuginfo-5.5.14-109.68.1 php5-zlib-5.5.14-109.68.1 php5-zlib-debuginfo-5.5.14-109.68.1 - SUSE Linux Enterprise Module for Web 
Scripting 12 (noarch): php5-pear-5.5.14-109.68.1 References: https://www.suse.com/security/cve/CVE-2019-11041.html https://www.suse.com/security/cve/CVE-2019-11042.html https://www.suse.com/security/cve/CVE-2019-11043.html https://www.suse.com/security/cve/CVE-2019-11045.html https://www.suse.com/security/cve/CVE-2019-11046.html https://www.suse.com/security/cve/CVE-2019-11047.html https://www.suse.com/security/cve/CVE-2019-11050.html https://www.suse.com/security/cve/CVE-2020-7059.html https://www.suse.com/security/cve/CVE-2020-7060.html https://bugzilla.suse.com/1145095 https://bugzilla.suse.com/1146360 https://bugzilla.suse.com/1154999 https://bugzilla.suse.com/1159922 https://bugzilla.suse.com/1159923 https://bugzilla.suse.com/1159924 https://bugzilla.suse.com/1159927 https://bugzilla.suse.com/1161982 https://bugzilla.suse.com/1162629 https://bugzilla.suse.com/1162632 From sle-updates at lists.suse.com Fri Feb 28 07:29:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:29:43 +0100 (CET) Subject: SUSE-RU-2020:0526-1: moderate: Recommended update for nautilus Message-ID: <20200228142943.E5A07F79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0526-1 Rating: moderate References: #1160112 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nautilus fixes the following issues: - When unmounting disk from file view context menu, desktop shows notification (bsc#1160112 glgo#GNOME/nautilus#379). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-526=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-526=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libnautilus-extension1-32bit-3.26.2-4.8.1 libnautilus-extension1-32bit-debuginfo-3.26.2-4.8.1 nautilus-debugsource-3.26.2-4.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.26.2-4.8.1 libnautilus-extension1-3.26.2-4.8.1 libnautilus-extension1-debuginfo-3.26.2-4.8.1 nautilus-3.26.2-4.8.1 nautilus-debuginfo-3.26.2-4.8.1 nautilus-debugsource-3.26.2-4.8.1 nautilus-devel-3.26.2-4.8.1 typelib-1_0-Nautilus-3_0-3.26.2-4.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): nautilus-lang-3.26.2-4.8.1 References: https://bugzilla.suse.com/1160112 From sle-updates at lists.suse.com Fri Feb 28 07:32:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:32:34 +0100 (CET) Subject: SUSE-RU-2020:0525-1: moderate: Recommended update for pam Message-ID: <20200228143234.D71ECF79E@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0525-1 Rating: moderate References: #1164562 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-525=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-525=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): pam-32bit-debuginfo-1.3.0-6.9.2 pam-debugsource-1.3.0-6.9.2 pam-devel-32bit-1.3.0-6.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.9.2 pam-debuginfo-1.3.0-6.9.2 pam-debugsource-1.3.0-6.9.2 pam-devel-1.3.0-6.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): pam-doc-1.3.0-6.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): pam-32bit-1.3.0-6.9.2 pam-32bit-debuginfo-1.3.0-6.9.2 References: https://bugzilla.suse.com/1164562 From sle-updates at lists.suse.com Fri Feb 28 07:35:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Feb 2020 15:35:20 +0100 (CET) Subject: SUSE-RU-2020:0524-1: moderate: Recommended update for pesign-obs-integration Message-ID: <20200228143520.4DAE6F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0524-1 Rating: moderate References: #1163524 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed.

Description:

This update for pesign-obs-integration fixes the following issues:

- Change signing the s390x kernel image to use kernel-sign-files and not pesign (bsc#1163524)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-524=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  pesign-obs-integration-10.1-3.9.1

References:

https://bugzilla.suse.com/1163524

From sle-updates at lists.suse.com Fri Feb 28 07:38:12 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 15:38:12 +0100 (CET)
Subject: SUSE-SU-2020:0528-1: important: Security update for java-1_8_0-ibm
Message-ID: <20200228143812.77A5CF798@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0528-1
Rating: important
References: #1160968 #1162972
Cross-References: CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Enterprise Storage 5
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for java-1_8_0-ibm fixes the following issues:

Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968)

- CVE-2020-2583: Unlink Set of LinkedHashSets
- CVE-2019-4732: Untrusted DLL search path vulnerability
- CVE-2020-2593: Normalize normalization for all
- CVE-2020-2604: Better serial filter handling
- CVE-2020-2659: Enhance datagram socket support

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-528=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-528=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-528=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-528=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-528=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-528=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-528=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-528=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-528=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-528=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-528=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-528=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-528=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-528=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-528=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-528=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-528=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE OpenStack Cloud 8 (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE OpenStack Cloud 7 (s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
- SUSE OpenStack Cloud 7 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64):
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP4 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- SUSE Enterprise Storage 5 (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1
- HPE Helion Openstack 8 (x86_64):
  java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63.1
  java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63.1

References:

https://www.suse.com/security/cve/CVE-2019-4732.html
https://www.suse.com/security/cve/CVE-2020-2583.html
https://www.suse.com/security/cve/CVE-2020-2593.html
https://www.suse.com/security/cve/CVE-2020-2604.html
https://www.suse.com/security/cve/CVE-2020-2659.html
https://bugzilla.suse.com/1160968
https://bugzilla.suse.com/1162972

From sle-updates at lists.suse.com Fri Feb 28 10:13:39 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:13:39 +0100 (CET)
Subject: SUSE-SU-2020:0540-1: moderate: Security Beta update for Salt
Message-ID: <20200228171339.D5B4FF79E@maintenance.suse.de>

SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0540-1
Rating: moderate
References: #1163981
Cross-References: CVE-2019-17361
Affected Products:
  SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the following issues:

salt:

- Fix 'os_family' grain for Astra Linux Common Edition
- Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
  See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html
- Enable passing grains to start event based on 'start_event_grains' configuration parameter

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-540=1

Package List:

- SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):
  python2-salt-2019.2.3-8.9.1
  python3-salt-2019.2.3-8.9.1
  salt-2019.2.3-8.9.1
  salt-api-2019.2.3-8.9.1
  salt-cloud-2019.2.3-8.9.1
  salt-doc-2019.2.3-8.9.1
  salt-master-2019.2.3-8.9.1
  salt-minion-2019.2.3-8.9.1
  salt-proxy-2019.2.3-8.9.1
  salt-ssh-2019.2.3-8.9.1
  salt-standalone-formulas-configuration-2019.2.3-8.9.1
  salt-syndic-2019.2.3-8.9.1
- SUSE Manager Tools 15-BETA (noarch):
  salt-bash-completion-2019.2.3-8.9.1
  salt-fish-completion-2019.2.3-8.9.1
  salt-zsh-completion-2019.2.3-8.9.1

References:

https://www.suse.com/security/cve/CVE-2019-17361.html
https://bugzilla.suse.com/1163981

From sle-updates at lists.suse.com Fri Feb 28 10:16:26 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:16:26 +0100 (CET)
Subject: SUSE-RU-2020:0539-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20200228171626.C61C9F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0539-1
Rating: moderate
References: #1155372 #1163871
Affected Products:
  SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update fixes the following issues:

POS_Image-Graphical7:

- Add xfsprogs to the image description to make XFS available

POS_Image-JeOS7:

- Add xfsprogs to the image description to make XFS available

dracut-saltboot:

- Add support for FQDN as a terminal name

spacecmd:

- Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

spacewalk-client-tools:

- Spell correctly "successful" and "successfully"

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-539=1

Package List:

- SUSE Manager Tools 15-BETA (noarch):
  POS_Image-Graphical7-0.1.1580471316.1839544-3.9.1
  POS_Image-JeOS7-0.1.1580471316.1839544-3.9.1
  dracut-saltboot-0.1.1580471316.1839544-3.9.1
  python3-spacewalk-check-4.1.2-6.6.1
  python3-spacewalk-client-setup-4.1.2-6.6.1
  python3-spacewalk-client-tools-4.1.2-6.6.1
  spacecmd-4.1.3-6.6.1
  spacewalk-check-4.1.2-6.6.1
  spacewalk-client-setup-4.1.2-6.6.1
  spacewalk-client-tools-4.1.2-6.6.1

References:

https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1163871

From sle-updates at lists.suse.com Fri Feb 28 10:19:21 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:19:21 +0100 (CET)
Subject: SUSE-SU-2020:14303-1: moderate: Security Beta update for Salt
Message-ID: <20200228171921.3E0EDF79E@maintenance.suse.de>

SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14303-1
Rating: moderate
References: #1163981
Cross-References: CVE-2019-17361
Affected Products:
  SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the following issues:

salt:

- Fix 'os_family' grain for Astra Linux Common Edition
- Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
  See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html
- Enable passing grains to start event based on 'start_event_grains' configuration parameter

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA:
  zypper in -t patch suse-ubu184ct-salt-beta-202002-14303=1

Package List:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all):
  salt-common-2019.2.2+ds-1.1+27.9.1
  salt-minion-2019.2.2+ds-1.1+27.9.1

References:

https://www.suse.com/security/cve/CVE-2019-17361.html
https://bugzilla.suse.com/1163981

From sle-updates at lists.suse.com Fri Feb 28 10:22:09 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:22:09 +0100 (CET)
Subject: SUSE-RU-2020:14299-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20200228172209.79A79F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:14299-1
Rating: moderate
References: #1136667 #1155372 #1163871
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that has three recommended fixes can now be installed.
Description:

This update fixes the following issues:

kiwi-desc-saltboot:

- Add support for FQDN as a terminal name
- Workaround for dig writing error messages to stdout
- Fix incompatibility of dig with SLE12SP3 version (bsc#1136667)
- Fix incompatibility with Microsoft DNS (bsc#1136667)
- Updated copyrights and bug reporting link

spacecmd:

- Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

spacewalk-client-tools:

- Spell correctly "successful" and "successfully"

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA:
  zypper in -t patch slesctsp4-client-tools-beta-202002-14299=1
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
  zypper in -t patch slesctsp4-client-tools-beta-202002-14299=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA:
  zypper in -t patch slesctsp3-client-tools-beta-202002-14299=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
  zypper in -t patch slesctsp3-client-tools-beta-202002-14299=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64):
  python2-spacewalk-check-4.1.2-30.6.1
  python2-spacewalk-client-setup-4.1.2-30.6.1
  python2-spacewalk-client-tools-4.1.2-30.6.1
  spacecmd-4.1.3-21.6.1
  spacewalk-check-4.1.2-30.6.1
  spacewalk-client-setup-4.1.2-30.6.1
  spacewalk-client-tools-4.1.2-30.6.1
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
  kiwi-desc-saltboot-0.1.1580471316.1839544-5.6.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64):
  python2-spacewalk-check-4.1.2-30.6.1
  python2-spacewalk-client-setup-4.1.2-30.6.1
  python2-spacewalk-client-tools-4.1.2-30.6.1
  spacecmd-4.1.3-21.6.1
  spacewalk-check-4.1.2-30.6.1
  spacewalk-client-setup-4.1.2-30.6.1
  spacewalk-client-tools-4.1.2-30.6.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
  kiwi-desc-saltboot-0.1.1580471316.1839544-5.6.1

References:

https://bugzilla.suse.com/1136667
https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1163871

From sle-updates at lists.suse.com Fri Feb 28 10:25:12 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:25:12 +0100 (CET)
Subject: SUSE-RU-2020:14302-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20200228172512.8D3ECF79E@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:14302-1
Rating: moderate
References: #1155372 #1163871
Affected Products:
  SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update fixes the following issues:

spacecmd:

- Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA:
  zypper in -t patch suse-ubu184ct-client-tools-beta-202002-14302=1

Package List:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all):
  spacecmd-4.1.3-2.6.1

References:

https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1163871

From sle-updates at lists.suse.com Fri Feb 28 10:28:05 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:28:05 +0100 (CET)
Subject: SUSE-SU-2020:14301-1: moderate: Security Beta update for Salt
Message-ID: <20200228172805.8A53FF79E@maintenance.suse.de>

SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14301-1
Rating: moderate
References: #1163981
Cross-References: CVE-2019-17361
Affected Products:
  SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the following issues:

salt:

- Fix 'os_family' grain for Astra Linux Common Edition
- Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
  See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html
- Enable passing grains to start event based on 'start_event_grains' configuration parameter

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA:
  zypper in -t patch suse-ubu164ct-salt-beta-202002-14301=1

Package List:

- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all):
  salt-common-2019.2.2+ds-1.1+9.6.1
  salt-minion-2019.2.2+ds-1.1+9.6.1

References:

https://www.suse.com/security/cve/CVE-2019-17361.html
https://bugzilla.suse.com/1163981

From sle-updates at lists.suse.com Fri Feb 28 10:30:51 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:30:51 +0100 (CET)
Subject: SUSE-RU-2020:14300-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20200228173051.7BDA8F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:14300-1
Rating: moderate
References: #1155372 #1163871
Affected Products:
  SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update fixes the following issues:

spacecmd:

- Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA:
  zypper in -t patch suse-ubu164ct-client-tools-beta-202002-14300=1

Package List:

- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all):
  spacecmd-4.1.3-2.6.1

References:

https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1163871

From sle-updates at lists.suse.com Fri Feb 28 10:33:44 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:33:44 +0100 (CET)
Subject: SUSE-SU-2020:0538-1: moderate: Security Beta update for Salt
Message-ID: <20200228173344.E7471F798@maintenance.suse.de>

SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0538-1
Rating: moderate
References: #1163981
Cross-References: CVE-2019-17361
Affected Products:
  SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the following issues:

salt:

- Fix 'os_family' grain for Astra Linux Common Edition
- Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
  See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html
- Enable passing grains to start event based on 'start_event_grains' configuration parameter

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-538=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
  python2-salt-2019.2.3-49.9.1
  python3-salt-2019.2.3-49.9.1
  salt-2019.2.3-49.9.1
  salt-doc-2019.2.3-49.9.1
  salt-minion-2019.2.3-49.9.1

References:

https://www.suse.com/security/cve/CVE-2019-17361.html
https://bugzilla.suse.com/1163981

From sle-updates at lists.suse.com Fri Feb 28 10:36:31 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 18:36:31 +0100 (CET)
Subject: SUSE-RU-2020:0537-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20200228173631.42C4FF798@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0537-1
Rating: moderate
References: #1155372 #1163871
Affected Products:
  SUSE Manager Tools 12-BETA
  SUSE Manager Tools 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update fixes the following issues:

kiwi-desc-saltboot:

- Add support for FQDN as a terminal name
- Workaround for dig writing error messages to stdout

spacecmd:

- Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871)
- Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

spacewalk-client-tools:

- Spell correctly "successful" and "successfully"

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-537=1
- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-537=1

Package List:

- SUSE Manager Tools 12-BETA (noarch):
  python2-spacewalk-check-4.1.2-55.6.1
  python2-spacewalk-client-setup-4.1.2-55.6.1
  python2-spacewalk-client-tools-4.1.2-55.6.1
  spacecmd-4.1.3-41.6.1
  spacewalk-check-4.1.2-55.6.1
  spacewalk-client-setup-4.1.2-55.6.1
  spacewalk-client-tools-4.1.2-55.6.1
- SUSE Manager Tools 12 (noarch):
  kiwi-desc-saltboot-0.1.1580471316.1839544-1.18.1

References:

https://bugzilla.suse.com/1155372
https://bugzilla.suse.com/1163871

From sle-updates at lists.suse.com Fri Feb 28 13:13:28 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 21:13:28 +0100 (CET)
Subject: SUSE-RU-2020:14304-1: moderate: Recommended update for permissions
Message-ID: <20200228201328.8E375F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for permissions
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:14304-1
Rating: moderate
References: #1160594 #1160764 #1163922
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2020-8013: Fixed a missing symlink check. Do not follow symlinks that are the final path element (bsc#1163922).
- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-permissions-14304=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-permissions-14304=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-permissions-14304=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-permissions-14304=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64):
  permissions-2013.1.7-0.6.12.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  permissions-2013.1.7-0.6.12.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):
  permissions-debuginfo-2013.1.7-0.6.12.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  permissions-debuginfo-2013.1.7-0.6.12.1

References:

https://www.suse.com/security/cve/CVE-2020-8013.html
https://bugzilla.suse.com/1160594
https://bugzilla.suse.com/1160764
https://bugzilla.suse.com/1163922

From sle-updates at lists.suse.com Fri Feb 28 13:16:28 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 21:16:28 +0100 (CET)
Subject: SUSE-SU-2020:0547-1: moderate: Security update for permissions
Message-ID: <20200228201628.42E59F79E@maintenance.suse.de>

SUSE Security Update: Security update for permissions
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0547-1
Rating: moderate
References: #1148788 #1160594 #1160764 #1161779 #1163922
Cross-References: CVE-2019-3687 CVE-2020-8013
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that solves two vulnerabilities and has three fixes is now available.
Description:

This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788)
- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

- Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-547=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  permissions-20181116-9.23.1
  permissions-debuginfo-20181116-9.23.1
  permissions-debugsource-20181116-9.23.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  permissions-zypp-plugin-20181116-9.23.1

References:

https://www.suse.com/security/cve/CVE-2019-3687.html
https://www.suse.com/security/cve/CVE-2020-8013.html
https://bugzilla.suse.com/1148788
https://bugzilla.suse.com/1160594
https://bugzilla.suse.com/1160764
https://bugzilla.suse.com/1161779
https://bugzilla.suse.com/1163922

From sle-updates at lists.suse.com Fri Feb 28 13:19:43 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 21:19:43 +0100 (CET)
Subject: SUSE-SU-2020:0545-1: moderate: Security update for permissions
Message-ID: <20200228201943.677CDF79E@maintenance.suse.de>

SUSE Security Update: Security update for permissions
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0545-1
Rating: moderate
References: #1123886 #1160594 #1160764 #1161779 #1163922
Cross-References: CVE-2020-8013
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 5
  SUSE CaaS Platform 3.0
  HPE Helion Openstack 8
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-545=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-545=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-545=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-545=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-545=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-545=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-545=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-545=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-545=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-545=1
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-545=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE OpenStack Cloud 8 (x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE OpenStack Cloud 7 (s390x x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- SUSE CaaS Platform 3.0 (x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1
- HPE Helion Openstack 8 (x86_64):
    permissions-2015.09.28.1626-17.27.1
    permissions-debuginfo-2015.09.28.1626-17.27.1
    permissions-debugsource-2015.09.28.1626-17.27.1

References:

    https://www.suse.com/security/cve/CVE-2020-8013.html
    https://bugzilla.suse.com/1123886
    https://bugzilla.suse.com/1160594
    https://bugzilla.suse.com/1160764
    https://bugzilla.suse.com/1161779
    https://bugzilla.suse.com/1163922

From sle-updates at lists.suse.com Fri Feb 28 13:23:01 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Feb 2020 21:23:01 +0100 (CET)
Subject: SUSE-SU-2020:14304-1: moderate: Security update for permissions
Message-ID: <20200228202301.15D36F79E@maintenance.suse.de>

SUSE Security Update: Security update for permissions
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14304-1
Rating: moderate
References: #1160594 #1160764 #1163922
Cross-References: CVE-2020-8013
Affected Products:
    SUSE Linux Enterprise Server 11-SP4-LTSS
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2020-8013: Fixed a missing symlink check. Do not follow symlinks that are the final path element (bsc#1163922).
- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-permissions-14304=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-permissions-14304=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):
    permissions-2013.1.7-0.6.12.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
    permissions-debuginfo-2013.1.7-0.6.12.1

References:

    https://www.suse.com/security/cve/CVE-2020-8013.html
    https://bugzilla.suse.com/1160594
    https://bugzilla.suse.com/1160764
    https://bugzilla.suse.com/1163922

From sle-updates at lists.suse.com Fri Feb 28 16:13:15 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Feb 2020 00:13:15 +0100 (CET)
Subject: SUSE-RU-2020:0548-1: important: Recommended update for suse-migration-services
Message-ID: <20200228231315.E9D4CF79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for suse-migration-services
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0548-1
Rating: important
References: #1156068
Affected Products:
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for suse-migration-services fixes the following issues:

- Fixed handling of the console log service, which holds a busy state on the system-root mount because the log file is written on the host to migrate. At reboot time the service should be stopped to allow a clean umount procedure prior to reboot. (bsc#1156068)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-548=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
    suse-migration-services-2.0.8-1.15.2

References:

    https://bugzilla.suse.com/1156068

From sle-updates at lists.suse.com Sat Feb 29 07:13:06 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Feb 2020 15:13:06 +0100 (CET)
Subject: SUSE-RU-2020:0549-1: moderate: Recommended update for libgcrypt
Message-ID: <20200229141306.9F804F79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0549-1
Rating: moderate
References: #1155439 #1164950
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Basesystem 15
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for libgcrypt fixes the following issues:

- Run the FIPS self-tests from the constructor (bsc#1164950)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-549=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-549=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-549=1
- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-549=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-549=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-549=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    libgcrypt-debugsource-1.8.2-6.29.1
    libgcrypt-devel-1.8.2-6.29.1
    libgcrypt-devel-debuginfo-1.8.2-6.29.1
    libgcrypt20-1.8.2-6.29.1
    libgcrypt20-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-1.8.2-6.29.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    libgcrypt20-32bit-1.8.2-6.29.1
    libgcrypt20-32bit-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-32bit-1.8.2-6.29.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    libgcrypt-debugsource-1.8.2-6.29.1
    libgcrypt-devel-1.8.2-6.29.1
    libgcrypt-devel-debuginfo-1.8.2-6.29.1
    libgcrypt20-1.8.2-6.29.1
    libgcrypt20-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-1.8.2-6.29.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    libgcrypt-cavs-1.8.2-6.29.1
    libgcrypt-cavs-debuginfo-1.8.2-6.29.1
    libgcrypt-debugsource-1.8.2-6.29.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    libgcrypt-debugsource-1.8.2-6.29.1
    libgcrypt-devel-1.8.2-6.29.1
    libgcrypt-devel-debuginfo-1.8.2-6.29.1
    libgcrypt20-1.8.2-6.29.1
    libgcrypt20-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-1.8.2-6.29.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
    libgcrypt20-32bit-1.8.2-6.29.1
    libgcrypt20-32bit-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-32bit-1.8.2-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    libgcrypt-debugsource-1.8.2-6.29.1
    libgcrypt-devel-1.8.2-6.29.1
    libgcrypt-devel-debuginfo-1.8.2-6.29.1
    libgcrypt20-1.8.2-6.29.1
    libgcrypt20-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-1.8.2-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    libgcrypt20-32bit-1.8.2-6.29.1
    libgcrypt20-32bit-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-32bit-1.8.2-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    libgcrypt-debugsource-1.8.2-6.29.1
    libgcrypt-devel-1.8.2-6.29.1
    libgcrypt-devel-debuginfo-1.8.2-6.29.1
    libgcrypt20-1.8.2-6.29.1
    libgcrypt20-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-1.8.2-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    libgcrypt20-32bit-1.8.2-6.29.1
    libgcrypt20-32bit-debuginfo-1.8.2-6.29.1
    libgcrypt20-hmac-32bit-1.8.2-6.29.1

References:

    https://bugzilla.suse.com/1155439
    https://bugzilla.suse.com/1164950

From sle-updates at lists.suse.com Sat Feb 29 13:13:13 2020
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Feb 2020 21:13:13 +0100 (CET)
Subject: SUSE-RU-2020:0550-1: moderate: Recommended update for go1.14
Message-ID: <20200229201313.419EDF79E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for go1.14
______________________________________________________________________________

Announcement ID: SUSE-RU-2020:0550-1
Rating: moderate
References: #1164903
Affected Products:
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for go1.14 fixes the following issues:

go1.14 (released 2020-02-25) is a major release of Go. (bsc#1164903)

go1.14.x minor releases will be provided through February 2021.
https://github.com/golang/go/wiki/Go-Release-Cycle

Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

* See release notes https://golang.org/doc/go1.14. Excerpts relevant to OBS environment and for SUSE/openSUSE follow:
* Module support in the go command is now ready for production use, and we encourage all users to migrate to Go modules for dependency management.
* RISC-V experimental support for 64-bit RISC-V on Linux (GOOS=linux, GOARCH=riscv64). Be aware that performance, assembly syntax stability, and possibly correctness are a work in progress.
* When the main module contains a top-level vendor directory and its go.mod file specifies go 1.14 or higher, the go command now defaults to -mod=vendor for operations that accept that flag. A new value for that flag, -mod=mod, causes the go command to instead load modules from the module cache (as when no vendor directory is present).
* When -mod=vendor is set (explicitly or by default), the go command now verifies that the main module's vendor/modules.txt file is consistent with its go.mod file.
* go list -m no longer silently omits transitive dependencies that do not provide packages in the vendor directory. It now fails explicitly if -mod=vendor is set and information is requested for a module not mentioned in vendor/modules.txt.
* The go get command no longer accepts the -mod flag. Previously, the flag's setting either was ignored or caused the build to fail.
* -mod=readonly is now set by default when the go.mod file is read-only and no top-level vendor directory is present.
* -modcacherw is a new flag that instructs the go command to leave newly-created directories in the module cache at their default permissions rather than making them read-only.
  The use of this flag makes it more likely that tests or other tools will accidentally add files not included in the module's verified checksum. However, it allows the use of rm -rf (instead of go clean -modcache) to remove the module cache.
* -modfile=file is a new flag that instructs the go command to read (and possibly write) an alternate go.mod file instead of the one in the module root directory. A file named go.mod must still be present in order to determine the module root directory, but it is not accessed. When -modfile is specified, an alternate go.sum file is also used: its path is derived from the -modfile flag by trimming the .mod extension and appending .sum.
* packaging: drop patch gcc9-rsp-clobber.patch now merged in go1.14
* packaging: update version of LLVM compiler-rt
* packaging: update _service definitions
* packaging: update %doc entries rm devel/ add modules.md
* doc: rename HTML element IDs to avoid duplicates
* net: don't check LookupHost error in TestLookupNullByte
* runtime: don't treat SIGURG as a bad signal
* internal/bytealg: fix riscv64 offset names
* doc: remove paragraph break for upgrading to modules
* syscall: Revert "release a js.Func object in fsCall"
* doc/go1.14: note that all changes to the standard library are minor
* doc/go1.14: fix broken links
* doc/go1.14: remove TODO about Solaris port

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-550=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    go1.14-1.14-1.3.1
    go1.14-doc-1.14-1.3.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    go1.14-race-1.14-1.3.1

References:

    https://bugzilla.suse.com/1164903